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AUTHORIZATION OF SERVICES IN A provides television programs about history. Each program 

CONDITIONAL ACCESS SYSTEM provided by the History Channel is an "instance" of that 

program source. When the service distribution organization 

This Application is a Continuation of application Ser. No. broadcasts an instance of the program source, it encrypts or 

09/127,352, filed Jul. 31, 1998, now abandoned, which s scrambles the instance to form encrypted instance. An 

claims the benefit of U.S. Provisional Application No. encrypted instance contains instance data, which is the 

60/054,575, filed Aug. 1, 1997, and is a CIP of application encrypted information making up the program. 

Ser. No. 09/111,958, filed Jul. 8, 1998, now abandoned, encrypted instance is broadcast over a transmission 

which claims the benefit of U.S. Provisional application Ser. medl " m ,; Tte tanaiission medium may be wire.ess or il 

_No_60/054,578,-filed-Au & M997 r and-is GIP of-application^o- .-that.is, provuJed-via.a-wire.-a.coaxial.cablej 

c nonJi c-*c «f a 1 a 1 nn/c it e n • m or a fi° er optic cable. It is received in a large number of set 

f n™ 08 ^ 3 ™' 6 ? ° e r 16 ' c" 6 m no^l^ top boxes. The function of set-top box is to determine 

6 005 938, and k a C P of application Ser No. 08/580,759 ^ther encrypted instance should be decrypted and, if so, 

fh 6 k CC fi , 2 f n < 95 ^ U S - Pa, - l A 0 ' r 8 7' m W ^ To to decrypt it to produce a decrypted iostanefcomprising the 

* h n °i U n o o r°T n p^ P f T , : 60/ °° 'm 1 „ information making up the program. This information is 

filed Dec4 >™L™1 g ■CIP of apphcation Ser_ No. is deHvered - t0 - a - televteiTO 

08/415,617, filed Apr. 3, 1995 U S. Pat. No. 5,742,677. decryplors to deC rypt the encrypted instance. 

The present application is further one of seven apphca- « u i . , lU 

r. 4 f r . ~ , , ~ . . A11 i\. Subscnbers generally purchase services by the month 

tions with identical Detailed Descriptions. All of these . . . ? J * . *\ j 

, tU «i- j * j ii u *u ^ (though a service may be a one-time event), and after a 

applications have the same filing date and all have the same v , * , , J . . . y ' , „ . 

. . , , , ci- i a c . subscriber has purchased a service, the service distribution 

assignee. Ine serial numbers and mine dates ot the six 20 . r ' . 

f1 , so organization sends the set top box belonging to the 

applications follow: , • , , iL • ^ 

rr subscriber messages required to provide the authorization 

Ser. No. 09/126,783, filed Jul. 31, 1998, presently information for the purchased services. Authorization infor- 

abandoned, for which a continuation Ser. No. 09/487, mation may 5e sent with the instance data or may be via 

076 was filed on Jan. 19, 2000; ^ a channel, for example, via an out-of-band RF link, 

Ser. No. 09/126,921, filed Jul. 31, 1998, presently to a set top box. Various techniques have been employed to 

allowed; encrypt the authorization information. Authorization infor- 

Ser. No. 09/127,273, filed Jul. 31, 1998, presently mation may include a key for a service of the service 

abandoned, for which a continuation Ser. No. 09/493, distribution organization and an indication of what programs 

409 was filed on Jan. 28, 2000; 30 in the service the subscriber is entitled to watch. If the 

Ser. No. 09/127,152, filed Jul. 31, 1998, presently authorization information indicates that the subscriber is 

abandoned, for which a continuation Ser. No. 09/488, entitled to watch the program of an encrypted instance, the 

104 was filed on Jan. 20, 2000; set " to P box decrypts the encrypted instance. 

Ser. No. 09/126,888, filed Jul. 31, 1998, presently li wiU be appreciated that "encryption" and "scrambling" 

abandoned, for which a continuation Ser. No. 09/464, 35 are similar processes and that decryption and descram- 

794 was filed on Dec. 16, 1999; and Ser. No. 09/126, bhn S m similar P rocesses ; a difference is that scrambling 

795, filed Jul. 31, 1998, issued as U.S. Pat. No. 6,105, and descrambling are generally analog in nature, while 

.^34 encryption and description processes are usually digital. 

The access restrictions are required in both analog and 

FIELD OF THE INVENTION 40 digital systems. In all systems, the continued technological 

improvements being used to overcome the access res trie - 

The invention concerns systems for protecting informa- tions require more and flexiblc access restrictions. As 

tion and more particularly concerns systems for protecting more systems switch from an analog format t0 a dighal 

information that is transmitted by means of a wired or format) or a hybrid system conta ining both analog and 

wireless medium against unauthorized access. 45 digital formats> fiexib i e access restrictions will be required. 

BACKGROUND OF THE INVENTION Restricting access to broadcast information is even more 

important for digital information. One reason for this is that 

One way of distributing information is to broadcast it, that each copy of digital information is as good as the original; 

is, to place the information on a medium from which it can another is that digital information can be compressed, and 

be received by any device that is connected to the medium. 50 consequently, a given amount of bandwidth carries much 

Television and radio are well-known broadcast media. If one more information in digital form; a third is that the service 

wishes to make money by distributing information on a distribution organizations are adding reverse paths which 

broadcast medium, there are a couple of alternatives. A first permit a set-top box to send a message to the service 

is to find sponsors to pay for broadcasting the information. distribution organization, thereby permitting various inter- 

A second is to permit access to the broadcast information 55 active services. Thus, the service distribution organizations 

only to those who have paid for it. This is generally done by require access restrictions which are both more secure and 

broadcasting the information in scrambled or encrypted more flexible than those in conventional systems 

form. Although any device that is connected to the medium nniT . c nnc rnmTTmT r, r ttjt: ™ awtm^ 

*u li j . 1 • £ t . , t , BRIEF DESCRIPTION OF THE DRAWING 
can receive the scrambled or encrypted information, only the 

devices of those users who have paid to have access to the 60 1 ^ a block diagram of a conditional access system; 

information are able to unscramble or decrypt the informa- FIG. 2A is a block diagram of the service instance 

tion. encryption iechniques disclosed herein; 

A service distribution organization, for example a CATV FIG. 2B is a block diagram of the service instance 

company or a satellite television company, provides its decryption techniques disclosed herein; 

subscribers with information from a number of program 65 FIG. 3 is a more detailed block diagram of the service 

sources, that is, collections of certain kinds of information. instance encryption and decryption techniques disclosed 

For example, the History Channel is a program source that herein; 
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FIG. 4 is a block diagram of the techniques used to there will be a detailed exposition of how the techniques 

dynamically provide entitlement agents to a DHCT; described in the foregoing are employed in a broadcast data 

FIG. 5 is a block diagram of a digital broadband delivery delivery system with a node structure and a reverse path 

system in which the conditional access system is imple- from the set top box to the head end, of how secure 

mentcd; 5 processors and memory are employed in the preferred 

FIG. 6 is a block diagram of the conditional access system embodiment to protect keys and entitlement information 

in the digital broadband delivery system of FIG. 5; and of how certain operations are performed in the preferred 

' embodiment. 

FIG. 7 is a diagram of an MPEG-2 transport stream; Conditional Access System Overview 

FIG. 8 is a diagram of how EMMs are mapped into an J0 EIG..1 provides an overview of-a-system-101-for limitingr~ 

-MPEG=2"transport stream; ~~ access to broadcast information. Such systems will be 

FIG. 9 is a diagram of how EMMs are mapped into an IP termed in the as "conditional access systems". A service 

packet; distribution organization 103, for example a CATV company 

FIG. 10 is a diagram of how ECMs are mapped into a or a satellite television company, provides its subscribers 

MPEG-2 transport stream; 15 w * tn information fro m a number of services , that_js,_c.Qllec- 

err-— h— «r- asr^nsa-a- ln, ™ r ^ tions "of "certain" Icinds of information. For example, the 

FIGTH is a detailed diagram of an EMM. „. , . , A . , . . t 

. „ „ , History Channel is a service that provides television pro- 

FIG. 12 is a detailed diagram of a preferred embodiment gfams ^ histQry £ach prQgram provided by tfae HislQry 

of DHCTSE 627; Channel is an "instance" of that service. When the service 

FIG. 13 is a diagram of the contents of memory in 2 o distribution organization broadcasts an instance of the 

DHCTSE 627; service, it encrypts or scrambles the instance to form 

FIG, 14 is a diagram of how NVSCs are allocated to encrypted instance 105. Encrypted instance 105 contains 

entitlement agents in a preferred embodiment; instance data 109, which is the encrypted information mak- 

FIG. 15 is a diagram of an EAD NVSC; in S U P the program, and entitlement control messages 

FIG. 16 is a diagram of other kinds of NVSCs; 25 ( ECM > 10T ™ e ™* messa f s coatain ^ 

mation needed to decrypt the encrypted portion of the 

FIG. 17 is a diagram of an event NVSC; associated instance data 109. A given entitlement control 

FIG. 18 is a diagram of a global broadcast authenticated message is sent many times per second, so that it is imme- 

message (GBAM); diately available to any new viewer or a service. In order to 

FIG. 19 is a detail of the contents of one kind of GBAM; 30 make decryption of instance data 109 even more difficult for 

FIG. 20 is a diagram showing how GBAMs may be used pirates, the content of the entitlement control message is 

generally to provide data to a client application; changed every few seconds, or more frequently. 

~, . c e , , . „ M Encrypted instance 105 is broadcast over a transmission 

FIG. 21 is a diagram of a forwarded purchase message ™ . . , 

^ . medium 112. The medium may be wireless or it may be 

FIG. 22 is a diagram of the entitlement umt message in an 35 « wired » that ^ prov i de d via a wire, a coaxial cable, or a 

ECM; g^j. 0 pti c cable. It is received in a large number of set top 

FIG. 23 is a diagram of a code message; Doxes 113(0 . . . n ), each of which is attached to a television 

FIG. 24 is a diagram showing the relationship between set. It is a function of set-top box 113 to determine whether 

TEDs and the rest of conditional access system 601; encrypted instance 105 should be decrypted and if so, to 

FIG. 25 is a detailed diagram of a TED; 40 decrypt it to produce decrypted instance 123, which is 

FIG. 26 is an illustration of the coordinate system used for delivered to the television set. As shown in detail with regard 

spotlight and blackout; t0 to P box U3 (°)> 561 t0 P box 113 includes decryptor 115, 

™„ . . . . * • 4 i j * . which uses a control word 117 as a key to decrypt encrypted 

FIG. 27 shows how an area is computed in the coordinate . , <a* ^ * i j ■ j j u * i j 

s stem of FIG 26- instance 105. Control word 117 is produced by control word 

^ ' . . 45 generator 119 from information contained in entitlement 

FIG. 28 is a description of a public key hierarchy; and contfol message 10? and informalion from authorization 

FIG. 29 is a description of an EMM generator according information 121 stored in set-top box 113. For example, 

to the present invention. authorization information 121 may include a key for the 

The reference numbers in the drawings have at least three service and an indication of what programs in the service the 

digits. The two rightmost digits are reference numbers 50 subscriber is entitled to watch. If the authorization informa- 

within a figure; the digits to the left of those digits are the tion 121 indicates that the subscriber is entitled to watch the 

number of the figure in which the item identified by the program of encrypted instance 105, control word generator 

reference number first appears. For example, an item with 119 uses the key together with information from ECM 107 

reference number 203 first appears in FIG. 2. to generate control word 117. Of course, a new control word 

55 is generated for each new ECM 107. 

DETAILED DESCRIPTION OF A PREFERRED ^ amhorization information used in a particular set top 

EMBODIMENT box U3 ^ ^ o5tained from one or more entitlement man- 

The following Detailed Description will first provide a agement messages 111 addressed to set top box 113(f). 

general introduction to a conditional access system and to Subscribers generally purchase services by the month 

encryption and decryption, will then describe how service 60 (though a service may be a one-time event), and after a 

instance encoding and decoding is done in a preferred subscriber has purchased a service, service distribution 

embodiment, and will thereupon describe the techniques organization 103 sends set top box 113(0 belonging to the 

used in the preferred embodiment to authenticate the ECMs subscriber entitlement management messages 111 as 

and EMMs of the preferred embodiment. Next, the Detailed required to provide the authorization information 121 

Description will describe how EMMs can be used to 65 required for the purchased services. Entitlement manage - 

dynamically add and remove access to services and the role ment messages (EMMs) may be sent interleaved with 

of encryption and authentication in these operations. Finally, instance data 109 in the same fashion as ECMs 107, or they 
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may be sent via a separate channel, for example via an various cryptographic attacks to steal keys or to deceive the 

out-of-band RF link, to set top box 113(i), which stores the receiver about the source of the messages it receives, 

information from the entitlement management message Moreover, the providers of the systems that actually broad- 

(EMM) 111 in authorization information 121. Of course, cast the services do not necessarily have the same interests 

various techniques have been employed to encrypt entitle- 5 as me providers of the service content, and therefore need to 

ment management messages 111. contro1 not onl y who caa access a § iven instance of a 

Encryption and Decryption Generally service, but also what entities can offer services to a given 

The encryption and decryption techniques used for ser- receiver. ™™ ~ A , 

vice instance encoding and decoding belong to two general Service Instance Encryption and Decryption: FIGS. 2A and 
classes: symmetrical ^ 

niquesr-A-symmetrical key encryption system is one in {{Qn uses etrical k ^ encryption techniques to encrypt 

which each of the entities wishing to communicate has a and decrypt lhe instance and pubMc key encryption 

copy of a key; the sending entity encrypts the message using techniques to transport a copy of one of the keys used in the 

its copy of the key and the receiving entity decrypts the symm etrical key techniques of the key from the service 

message using its copy of the key. An example symmetrical 15 provider to the set-to p box. - — 

ke y encr yptionrdecryption system-is-the-Digital-Encrvption Ih"FrG72A, clear services such as the elementary digital 

Standard (DES) system. A public key encryption system is bit streams which comprise MPEG-2 programs are sent 
one in which each of the entities wishing to communicate through a I st level encryption called the Program Encrypt 
has its own public key-private key pair. A message encrypted function 201, which is preferably a symmetric cipher such as 
with the public key can only be decrypted with the private 20 the well-known DES algorithm. Each elementary stream 
key and vice-versa. Thus, as long as a given entity keeps its may be individually encrypted and the resulting encrypted 
private key secret, it can provide its public key to any other streams are sent to MUX 200 to be combined with other 
entity that wishes to communicate with it. The other entity elementary streams and private data, such as conditional 
simply encrypts the message it wishes to send to the given access data. The key used in the Program Encrypt function 
entity with the given entity's public key and the given entity 25 201 is called the Control Word (CW) 202. The CW 202 is 
uses its private key to decrypt the message. Where entities generated by control word Generator 203 which can be 
are exchanging messages using public key encryption, each either a physically random number generator or can use a 
entity must have the other's public key. The private key can sequential counter with a suitable randomization algorithm 
also be used in digital signature operations, to provide to produce a stream of random CWs, Anew CW is generated 
authentication. For details on encryption generally and sym- 30 frequently, perhaps once every few seconds and is applied to 
metrical key and public key encryption in particular, see each elementary stream on the same time scale. Each new 
Bruce Schneier, Applied Cryptography, John Wiley and CW is encrypted by Control Word Encrypt & Message 
Sons, New York, 1994. Authenticate function 204 using a Multi-Session key (MSK) 
The design of an encryption system for a given applica- 208 provided by Multi-Session Key generator 205. The CW 
tion involves a number of considerations. As will be seen in 35 is then combined into an ECM 107 with other service- 
the following, considerations that are particularly important related information. The ECM 107 is authenticated by 
in the broadcast message environment include the following: Control Word Encrypt & Message Authenticate function 204 
key security: A symmetrical key system is useless if a whicD produces a message authentication code using a 
third party has access to the key shared by the com- keyed-hash value derived from the message content com- 
municating parties, and a public key system is also 40 bined with a secret which can be snared with the receiving 
useless if someone other than the owner of a given set-top box 113. This secret is preferably part or all of the 
public key has access to the corresponding private key. MSK 208. The message authentication code is appended to 
key certification: how can the recipient of a key be sure the ECW [ 107 ™ e , CW 202 * ^V?^? 
that the key he or she has received is really a key S^iS^i! r g , ki P u 
belonging to the entity to which the recipient wishes to 45 MU * 20 °* ™? f * Y * sy T ' ^ 
send an encrypted message and not a key belonging to * uch f the Jnple-DES algorithm usmg two d^tinct 56-bit 

another entity which wishes to intercept the message? ke £ (w ^ ^V° g ^ "TfT 1 ^ ^ 

. . c The MSK 208 has a longer lifetime than CW 202. The 
message authentication: how can the recipient of a mes- MSK lifetime is typically hours to days in length. MSK 208 
sage be sure that the message is from the party it claims 5Q ^ both encrypted md digitally signed by MSK Encrypt & 
to be from, and/or that the message has not been Digiul signature functioa 2 06 before being sent to MUX 
altered? 200 encapsulated in EMM 111. 
speed of encryption and decryption: in general, symmetri- MSK 208 and other parts of EMM 111 are preferably 
cal key encryption systems are faster than public key encrypted using a public key algorithm, such as the well- 
encryption systems and are preferred for use with 55 known RSA algorithm, with a public key associated with the 
real-time data. specific set-top box 113 to which the EMM is addressed. The 
key size: in general, the longer the key used in an public keys of all set-top boxes 113 in a system 101 are 
encryption system, the more resources will be required stored in Public Key Data Base 207, The public keys in this 
to break the encryption and thereby gain access to the data base are preferably certified by a certificate authority, 
message. 60 The digital signature function in 206 is preferably the RSA 
All of the foregoing considerations are influenced by the digital signature method, although others could be used. In 
fact that the environment in which a conditional access the case of an RSA digital signature, the private key which 
system operates must be presumed to be hostile. Many is used to make the signature belongs to the entitlement 
customers of broadcast services see nothing wrong with agent within service distribution organization 103 respon- 
cheating the service provider and have nothing against 65 sible for authorizing the associated service, 
tampering physically with the portion of the conditional In FIG. 2B, the corresponding DHCT private key and 
access system that is contained in the receiver or using associated DHCT public secure micro serial number are 
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stored in memory 232 of decoder 240. Public secure micro any change in what is hashed produces a change in the 

serial number is provided so that demultiplexer 230 can short bit string; and 

select an encrypted multi-session key addressed to decoder it is computationally infeasible to construct a different 

240 from transport data stream (TDS). Encrypted multi- message which produces the same short bit string as the 

session key EK pr (MSK) is decrypted in decryptor 234 using 5 EMM. 

DHCT private key from memory 232 to provide multi- The short bit string output of the hash function can thus 

session key MSK. Demultiplexer 230 also selects from be used to determine whether the contents of the EMM have 

transport data stream TDS encrypted control word (CW) changed in transit without disclosing those contents. The 

^msk (CW)- Tk £ encrypted CW is processed in decryptor preferred embodiment uses the Message Digest 5 one way 
_23_6„using_mulliTsession-key-MSK^ 

provide the unencrypted CW. The unencrypted CW prefer- on one-way hash functions, see the Schneier reference, 

ably changes at a high rate, for example, once every few supra. The digest is a sealed digest because it is encrypted 

seconds. Demultiplexer 230 also selects from transport data with a private key SP Kr 310 belonging to the entitlement 

stream TDS encrypted service B cvv (SERVICE). The agent (EA) that has the right to give the DHCT access to the 

encrypted service is pro cessed in decrypt or 238 usin g th e is service fo r which_the_MSK-is_used-to-produce-the^key. 

"CW — as - the decryption key to recover the unencrypted Before the sealed digest can be used to check whether the 

service. EMM was transmitted correctly, it must be decrypted using 

Detailed Implementation of the Encryption System of FIG. the entitlement agent's public key. The sealed digest thus 

2: FIG. 3 confirms to the DHCT both that the contents of the EMM 

FIG. 3 presents more details about a preferred implemen- 20 have been transmitted correctly and that the source of the 

tation of the system of FIG. 2. Encryption/decryption system EMM is the entitlement agent. 

301 has two main components: service origination compo- Once the sealed digest is made, the contents of the EMM 
nent 305 and service reception component 333. The two are (here, MSK 309 and the related information) are encrypted 
connected by a transmission medium 331, which may be any with the public key DHCT Ku 312 of the DHCT 333 to 
medium which will carry a message from service origination 25 which EMM 315 is addressed and EMM 315, containing the 
component 305 to service reception component 333. Service encrypted contents and the sealed digest, is sent via trans- 
reception component 333 is implemented in a set-top box, mission medium 331 to the DHCT 333. In the following, the 
termed hereinafter a digital home communications terminal notation Kr is used to indicate a private key and Ku is used 
(DFICT). It may, however be implemented in any device to indicate a public key. The notation RSA indicates that the 
which has the necessary computation power, for example, a 30 encryption is done using the well-known RSA public key 
personal computer or work station or an "intelligent" tele- encryption algorithm. 

vision set. In the service origination component, at least the As shown in DHCT 333, EMM 315 can only be decrypted 

portion labeled 306 is typically implemented in equipment by the DHCT 333 whose private key 337 (DHCT Kr) 

located at the head end of a broadcasting system such as a corresponds to the public key used to encrypt EMM 315. 

cable television (CATV) or satellite TV system. In some 35 DHCT 333 decrypts EMM 315 and uses the sealed digest to 

embodiments, however, the head end may be provided with determine whether the EMM 315 was correctly transmitted, 

already-encrypted instances of the service. The remaining The determination is made by using public key SP Ku 335 

portion 308 may also be located at the head end, but may for the entitlement agent to decrypt the sealed digest. Then 

also be located anywhere which has access of some kind to the contents of EMM 315 are hashed using the same secure 

head end 306 and service reception component 333. The 40 one-way hash function that was used to make the digest. If 

latter is particularly the case if the EMMs are sent out of the results of this hash are identical to the decrypted sealed 

band, for example by way of a wide-area network such as the digest, the determination succeeds. The check with the 

Internet. Also, the transmission medium may be storage sealed digest will fail if the transmission to the DHCT 333 

media, where the service origination point is the manufac- was corrupted in transit, if DHCT 333 does not have the 

turer of the media, and the service reception component may 45 private key corresponding to the public key used to encrypt 

be the element which reads the storage media. For example, the EMM (i.e., is not the DHCT 333 for which EMM 315 

the transmission medium can be a CD-ROM, DVD, floppy was intended), or if DHCT 333 does not have public key 335 

disk, or any other medium that can be transferred, (SP Ku) corresponding to the private key of the EA that was 

physically, electronically, or otherwise. used to make the sealed digest. The latter will be the case if 

Beginning with service origination portion 305, random 50 that DHCT 333 has not been given access to services 

number generator 307 is used to generate MSK 309. Next, provided by the entitlement agent. EMMs 315 addressed to 

an EMM 315 containing MSK 309 and related information DHCT 333 are sent repeatedly; consequently, if the problem 

is produced, EMM 315 also includes a sealed digest. The was corruption in transit, an uncorrupted EMM 315 will be 

sealed digest has two purposes: to ensure that the informa- received shortly and the determination will succeed. How 

tion placed in EMM 315 by service origination 305 is the 55 DHCT 333 comes to have SP Ku 335 needed to decrypt the 

same information that arrives at DHCT 333 and to ensure sealed digest will be explained in more detail later, 

that the information has in fact come from an entity which The next stage in service origination 305 is generating 

is empowered to give access to the service. control word 319 used to actually encrypt service instance 

The sealed digest is made in two stages: first, a digest of 325 and generating the ECM 323 which carries the infer- 
tile EMM's contents (here, MSK 309 and the related 60 mation needed to decrypt the service instance to DHCT 333. 
information) is made by hashing the contents in a secure The control word 319 is generated by random number 
one-way hash function to produce a relatively short bit generator 317. This can be a true random number generator, 
string. The secure one-way hash function has three proper- whose output is the result of some basic underlying random 
ties: physical process, or some other means, for example, the 

the contents that were hashed to produce the short bit 65 result of encrypting a value, called a "counter" (which 

string cannot be determined from the short bit siring; increments by one after each use) with 3DES, using the 

and MSK as the key. In the case of a true random number, the 
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encrypted control word is transmitted in the ECM. In the 
case of the counter-based control word generation, the clear 
version of the "counter" is used in the transmitted ECM. As 
mentioned above, the control word is a short-term key, i.e, 
it has a life time of a few seconds or less. Included in the 
ECM 323 is a digest of the contents plus the MSK which is 
made using the MD5 one-way hash just described. The 
inclusion of the MSK in making the digest gives the entitle- 
ment agent to which the ECM 323 belongs a shared secret 
with the DHCTs 333 thaJ^re_ent^o^t^receiye_ service. 

— ihstan^sTronTthe entitlement agent and consequently pre- 
vents "spoofing" of ECMs 323, that is, provision of ECMs 
323 from a source other than the entitlement agent. As will 
be seen in more detail later, the preferred embodiment uses 
the shared secret technique generally to authenticate mes- is 

-sagesAvhich contain-messages that have real-time value with 
regard to an instance of a service. 

ECM 323 is sent together with encrypted content 329 to 
DHCT 333. The first ECM 323 for a given portion of 
encrypted content 329 must of course arrive at DHCT 333 20 
before the encrypted content does. In the preferred 
embodiment, content 325 and ECM 323 are encoded accord- 
ing to the MPEG -2 standard. The standard provides for a 
transport stream which includes a number of component 
streams. Some of these carry content 329, another carries the 25 
ECMs 323, and a third carries the EMMs 315. Only the 
streams carrying content 329 are encrypted according to 
DES 329; since the control words in ECMs 323 and the 
contents of EMMs 315 have already been encrypted, no 
further encryption is needed when they are sent in the 30 
MPEG-2 transport stream. The manner in which EMMs and 
ECMs are transported in the MPEG-2 transport stream will 
be described in more detail later. 

When an ECM 323 is received in DHFT 333, control 
word 319 is either decrypted or found by encrypting the 35 
counter value at 343 using the MSK. The integrity of the 
contents of the ECM 323 is checked by comparing the value 
resulting from hashing the contents plus some or all of the 
MSK (based on cryptographic principles) in the one-way 
hash function with the message digest contained in ECM 40 
323. Included in the contents are control word 319 and 
information identifying the service instance 325 which ECM 
323 accompanies. The identifying information is used 
together with the authorization information received with 
EMM 315 to determine whether DHCT 333 is authorized to 45 
receive the service instance 325. If it is, control word 319 is 
used in service decryptor 347 to decrypt encrypted content 
to produce original content 325. 

System 301 offers a number of advantages with regard to 
security. It takes advantage of the speed of symmetrical 50 
encryption systems where that is needed to decrypt 
encrypted content 329 and the control word in ECM 323. 
The control word is protected by encrypting it using the 
MSK, and ECM 323 is authenticated by using some or all of 
MSK 309 as a shared secret between the entitlement agent 55 
and DHCT 333. MSK309 is protected in turn by the fact that 
it is sent in an EMM which is encrypted using the DHCT's 
public key and by the fact that the EMM includes a scaled 
digest which is encrypted using the entitlement agent's 
private key. Further security is provided by the fact that 60 
service identification information from ECM 323 must agree 
with the authorization information received in EMM 315 
before control word 319 is provided to service decryptor 
347, For example, as described in detail in the Banker and 
Akins parent patent application supra, one use of the infor- 65 
mation in ECM 323 and EMM 315 is to prevent what are 
termed "replay attacks" on the encrypted services. In addi- 



tion to being secure, system 301 is flexible. The authoriza- 
tion information contained in EMM 315 and the service 
identification information contained in ECM 323 together 
permit a wide range of access to service instances received 
5 in DHCT 333. 

Dynamic Provision of Multiple Entitlement agents to DHCT 
333: FIG. 4 

The use of the sealed digest in EMM 315 means that 
DHCT 333 will not respond to EMM 315 unless it has a 
iQ~public-key-for-the-entitlement agent^harhas"the~power~tb _ 
give entitlements to the service to be decrypted by the MSK 
in EMM 315. This is part of a broader arrangement which 
makes it possible to dynamically provide DHCT 333 with 
one or more entitlement agents and to dynamically remove 
is providedent itlement a gents_from_DHCT-333.~ 



The entity which provides and removes entitlement agents 
is called the conditional access authority (CAA). The 
arrangement further permits entitlement agents that have 
been provided to DHCT 333 to dynamically modify their 
authorization information in DHCT 333. All of the infor- 
mation needed to perform these operations is sent via 
EMMs, with the sealed digests being used to ensure that 
only the CAA may add or remove entitlement agents and 
that only the entitlement agent to which authorization infor- 
mation belongs may modify the authorization information. 
The above arrangement has a number of advantages: 
It permits multiple entitlement agents. 
It permits dynamic addition and removal of entitlement 
agents. 

It places limits on the services to which an entitlement 
agent may grant entitlements, but otherwise permits 
entitlement agents to manage their own authorization 
information. 

It separates the business of providing entitlements to 
services and service instances from the business of 
actually providing instances of the service; 
consequently, a CATV operator may simply run as a 
distribution utility. 
It separates the business of giving an entity the right to be 
an entitlement agent from the business of being an 
entitlement agent. 
It provides an easy way of permitting a customer to 

change entitlement agents as he or she sees fit. 
It provides a secure arrangement whereby a DHCT 333 
may communicate by means of a reverse path with an 
entitlement agent, a conditional access authority, or 
potentially the provider of the instances of the service. 
FIG. 4 shows how the arrangement is implemented in a 
preferred embodiment. FIG. 4 is best understood as an 
extension of FIG. 3. Both FIG. 4 and FIG. 3 have the same 
major components: service origination 305, DHCT 333, and 
transmission medium 331 for coupling the two. Further, 
encryptor 313 and decryptor 339 are used in both figures. 
Moreover, as indicated by reference number 308, the EMMs 
may be either sent tooether with a service instance or by 
another channel. FIG. 4 further shows an additional com- 
ponent of DHCT 333, namely EMM manager 407. EMM 
manager 407 is implemented in software executed in a 
secure processor in DHCT 333. The task of EMM manager 
407 is to respond to EMMs which add or remove entitlement 
agcuis and to EMMs which modify the authorizations for an 
entitlement agent. EMM manager 407 further provides mes- 
sages by means of which DHCT 333 may communicate with 
an entitlement agent or a conditional access authority. 

Initially, EMMs that modify an entitlement agent's autho- 
rization information are made in response to modification 
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information 403 provided by the entitlement agent or formed at some time in the past, the entitlement agent 

required by the network operator. As shown at 313, the sends modification EMM 405 with the authorization 

modification information is encrypted using the public key information for the newly-ordered service or service 

312 for DHCT 333 and has a sealed digest that is encrypted instance to DHCT 333. EMM manager 407 responds 

using the private key 310 for the entitlement agent. The 5 thereto by storing the authorization information in the 

resulting authorization modification EMM 405 is sent via allocated space. 

transmission medium 331 to decryptor 339 in DHCT 333, 3. Once step (3) is done, DHCT 333 can receive EMM 315 

where it is decrypted and checked in the manner described with the MSK for the service from the entitlement agent, 

above for EM Ms 315 containing an MSK. The EA modifi - EMM manager 407 stores the MSK in the allocated space. 



cation information 403 contai ned_in„the_EMM— goes,— iO-4*When the-actual service mstance issentrit~is~accompanie~d~ 

However, to EMM manager 407, which uses the information by ECMs containing the current control word. The MSK 

to modify the authorization information for the entitlement is used to decrypt the ECMs and the control words 

agent in DHCT 333. Examples of modifications include obtained from the ECMs are used to decrypt the instance 

adding or canceling services provided by the entitlement of the service. 

authority and changing the conditions under which access to is The above use of EM Ms _and„ECMs-tO-Control-access-to- 

instances-of-a-given service~wiU~b~e _ g7aTUed~ " "instances of a service thus guarantees that no entitlement 

As indicated above, the sealed digest is encrypted using agent will have access to DHCT 333 without permission of 

the private key of the entitlement agent. Consequently, the the conditional access authority and that no DHCT 333 will 

validity of the EMM can only be determined if DHCT 333 have access to an instance of a service without permission of 

has the entitlement agent's public key. The public key for an 20 the entitlement agent for the service. It also makes it possible 

entitlement agent is provided to DHCT 333 by an EA for the entitlement agent to be in complete control of the 

allocation EMM 413 from a conditional access authority. service. Access to the service is defined by the EMMs 405 

EMM 413 contains entitlement agent allocation information and 315, and these may be sent by the entitlement agent to 

409 from the conditional access authority; at a minimum, DHCT 333 independently of the service distribution orga- 

entitlement agent allocation information 409 contains the 25 nization. Further, it is the entitlement agent which provides 

public key for the entitlement agent; it may also contain the MSK used to generate control words and decrypt the 

information about the amount of memory an entitlement ECM to both the service distribution organization and 

agent may have in DHCT 333 and about classes of service DHCT 333. Indeed, if the entitlement agent wishes to do so, 

that an entitlement agent may offer. For example, the entitle- it can itself provide encrypted instances of the services to the 

ment agent may not be permitted to offer interactive ser- 30 service distribution organization, which, in such a case, 

vices. Information 409 is encrypted with the public key 312 merely functions as a conduit between the entitlement agent 

of DHCT 333, and the sealed digest is encrypted with private and DHCT 333. 

key 411 of the conditional access authority. Secure Transmission of Messages via the Reverse Path 

In DHCT 333, EMM 413 is decrypted using private key FIG. 4 also shows how the techniques used to ensure the 

337 belonging to DUCT 333 and the sealed digest is 35 security of EMMs are also used to ensure the security of 

decrypted using CAA public key 415. If the digest confirms messages sent from DHCT 333, The example shown in FIG. 

the correctness of the contents of the EMM, EMM manager 4 is a forwarded purchase message (FPM). The forwarded 

407 allocates storage for the entitlement agent whose public purchase message is used for the interactive purchase of an 

key is contained in EMM 413. That done, EMM manager instance of a service. One example of such a purchase is 

407 places the entitlement agent's public key in the storage. 40 what is called impulse pay-per-view, or IPPV. In such a 

The storage provides a place to store the entitlement agent's system, the beginning of an event, for example, a baseball 

public key, the authorization information for the services and game, is broadcast generally and customers can decide 

service instances provided by the entitlement agent, and the whether they want to see all of it. In that case, they must 

MSKs provided by the entitlement agent. Once DHCT 333 provide input to DHCT 333 that indicates that they wish to 

has the entitlement agent's public key and storage for the 45 see the entire event. EMM manager 407 responds to the 

entitlement agent's authorization information and MSK, input by making the FPM and sending it to the entitlement 

EMM manager 407 can respond to EMMs from the entitle- agent so that the entitlement agent can charge the customer 

ment agent. Of course, in order to decrypt the sealed digest, for the event and send an EMM 315 confirming that DHCT 

DHCT 333 must have public key 415 for the conditional 333 may continue to decrypt the event. The information 

access authority. As will be explained in more detail later on, 50 needed by the entitlement agent is forwarded entitlement 

in a preferred embodiment, public key 415 and the public information 417; to ensure the privacy of the customer, this 

and private keys for DHCT 333 are installed in DHCT 333 information is encrypted using the 3DES algorithm with a 

at the time that DHCT 333 is manufactured. key 420, as shown at 343, to produce encrypted forward 

When a customer orders a service, the arrangements just entitlement information 419. The key 420 is composed of 

described interact as follows: 55 two 56-bit DES keys. The 3DES encryption operation is a 

1. If the service is provided by an entitlement agent for sequence of three DES operations: encryption using the first 
which the customer's DHCT 333 does not have the public DES key, decryption using the second DES key, and encryp- 
key, the conditional access authority must first send EA tion using the first DES key Then key 420 is encrypted using 
allocation EMM 413 to DHCT 333; EMM manager 407 the public key 335 of the entitlement agent and the sealed 
responds by allocating storage for the entitlement agent. 60 digest is made using the private key of DHCT 333. All of 
Only the conditional access authority can send EA alio- these parts together make up forwarded purchase message 
cation EMM 413, and consequently, the conditional 421, which is addressed to the entitlement agent. 

access authority (CAA) can control access by entitlement At the entitlement agent, key 420 is decrypted using the 

agents to customers of a particular service distribution entitlement agent's private key 310, and the sealed digest is 

organization. 65 decrypted using the public key 312 of the DHCT. If the 

2. If DHCT 333 has the entitlement agent's public key, either Encrypted Forwarded Entitlement Information (EFEI) 419 
because step (1) has just been performed or was per- contained in the FPM 421 is determined not to have been 
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tampered with, it is passed to 3DES decryption 443, which vice Infrastructure 503 components with headend 515. In a 

decrypts it using key 420 and provides forwarded entitle- preferred embodiment, Core Network 513 consists of ATM- 

ment information 417 to the entitlement agent. As will be based switching and transmission facilities. Headend 515 

immediately apparent, the same technique, with or without provides an interface between service infrastructure 503 and 

the 3DES encryption of the contents of the message, can be 5 transport infrastructure 517. Transport infrastructure 517 

used to send messages to any entity for which DHCT 333 provides a high-bandwidth interconnection from headend 

has the public key. At a minimum, this includes the CAAand 515 to hubs 519(0 . . . n). Each hub 519(0 serves an access 

any entitlement agent which has been allocated memory in network 521(/), which consists of hybrid fiber coax (HFC) 

DHCT 333. nodes 523 connected via a coax bus network to DHCTs 333. 

Aujlhenticat ion of Globa l BroadcasLMessages 1Q-A given DHGT-333(/t) in DBDS 501 thus belongs toan HFC 

" ~A global broadcast message is one which is not addressed node 5320) in an access network 521 (t). Transport infra- 

to any individual DHCT 333 or to any group of DHCTs 333. structure 517 and access network 523 may provide only a 

In a preferred embodiment, global broadcast messages forward channel from head end 515 to a given DHCT 

accompany instances of services and contain information 333(A), but preferably provide both a forward channel and a 

that is relevant to the instance they accomp any, is reverse path. Each instance o f.a.DBDS^Ol-generally- 

-Gorisequentlyrme eTicTyption"and^th^tic^tion techniques provides service to a metropolitan area, 

used in the global broadcast messages must permit rapid DBDS 501 can be implemented in a variety of configu- 

decryption and authenticity checking. One example of a rations to fit the circumstances of a particular service envi- 

global broadcast message is the ECM. Other examples are ronment. For example, headend equipment may be deployed 

the different types of global broadcast authenticated 20 within headend 515, within a hub 519(i), or as part of a 

messages, or GBAMs. As with ECMs, it is necessary to VASP system 509. DNCS components 506 may be deployed 

prevent global broadcast messages from being spoofed, and within headend 515 or distributed among the hubs 519. 

it is done in the same fashion as with the ECMs. More Transport infrastructure 517 may utilize SONET add/drop 

specifically, the digest is made using some or all of the MSK multiplexing, analog fiber technology, or other transmission 

together with the content of the global broadcast message. 25 technologies. 

The MSK thus functions as a shared secret between the Overview of the Conditional Access System: FIG. 6 

entitlement agent and DHCT 333. When EMM manager 407 FIG. 6 shows the components of a preferred embodiment 

receives the global message, it makes a digest using the of conditional access system 601 in DBDS 501. Conditional 

contents of the received message and the MSK and responds access system 601 is a collection of components DNCS 507, 

to the received message only if the digest agrees with the one 30 headend 515, and DHCT 333 that together provide security 

contained in the message. An advantage of using a digest and conditional access services. 

made with the MSK to authenticate the global broadcast The components of conditional access system 601 perform 

message is that the digest may be both made and checked the following functions: 

very quickly. 1- encrypting the service content 

Implementation of the Conditional Access System in a 35 2. encrypting the control words used for service encryption 

Digital Broadband Delivery System 3. authenticating the ECMs that contain the encrypted con- 

The foregoing has described the conditional access sys- trol words 
tem in terms of ECMs, EMMs, and other messages and in 4. passing the ECMs to DHCTs 
terms of the manner in which the messages and their digests 5. managing a subscriber authorization database 
are encrypted and decrypted. The conditional access system 40 6. encrypting and authenticating EMMs containing sub- 
as just described will work with any communications scriber entitlement information 
arrangement which permits an instance of a service to be 7. passing the EMMs to DHCTs 

delivered to a DHCT together with ECMs and other broad- 8. decrypting the EMMs and checking their authenticity at 

cast messages and which permits the DHCT to receive the DHCTs 

EMMs from a conditional access authority and one or more 45 9. responding to the EMMs by modifying entitlement infor- 

entitlement agents. The conditional access system is, mation in the DHCTs 

however, particularly well-suited for use in a modern digital 10. responding to the ECMs by authenticating them, 

broadband delivery system, and the following will describe decrypting the control word, and checking entitlement at 

how the conditional access system is implemented in such a DHCT 333, and 

delivery system. 50 11. if the ECM is authentic and the authorizations permit, 

Overview of the Digital Broadband Delivery System: FIG. decrypting the service content. 

5 These requirements are met by the following components of 

FIG. 5 provides an overview of digital broadband delivery conditional access system 601: 

system (DBDS) 501. DBDS 501 includes service in frastruc- Stream Encryption & ECM Streamer Modules 620 in 

ture 503, a headend 515, a transport infrastructure 517, hubs 55 head end 515; Control Suite 607 in DNCS 507; 

519 (0 . . . n), access networks 521 (0 . . . n), and Digital I. Transaction Encryption Device 605 in head end 515, with 

Home Communications Terminals (DHCTs) 333. The ser- secure link to DNCS 507; 

vice infrastructure consists of Value-Added Service Provider II. Service Decryptor Module 625 in DHCT 333; 

(VASP) systems 509, which are systems that provide ser- III. Security Manager Module 626 in DHCT 333; and 

vices to the broad band delivery system, the Digital Network 60 IV. DHCTSE 627 in DHCT 333. 

Control System (DNCS) 507, which manages and controls FIG. 6 depicts a typical configuration of these compo- 

services provided by means of DBDS 501, the Admiuistra- nents for securing digital services within DBDS 501. In the 

tive Gateway (AG) 505, which is a source of service following, the components will be described in more detail, 

provisioning and authorization information in DBDS 501, Service Encryption & ECM Streamer Module 620 

Network Management System (NMS) 511, which maintains 65 Service Encryption and ECM Streamer (SEES) module 

a database of system status and performance information, 620 is a component of QAM Modulator 619 that operates 

and the Core Network 513, which interconnects other Ser- under direction of control suite 607 to encrypt the MPEG-2 
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transport stream packets that are employed in the preferred 
embodiment to transmit service content 325. As shown in 
FIG. 6, service content 325 may be received from sources 
such as a digital satellite distribution system 613, a digital 
terrestrial distribution system 611, or a media server 609. 
Media server 609 may be connected to head end 515 by a 
broadband integrated gateway 615. SEES 620 uses MSK 
309 to generate the control words 319 used for service 
encryption and creates ECMs 323 for transporting the con- 
trol words_t ogether with encrypted_service_content-329- 

^withinThe outgoing MPEG-2 Transport Stream. SEES 620 
encrypts the control words in the ECMs 323 with MSKs 
309. The MSKs are generated by TED 603 and are sent to 
SEES 620 in encrypted form in EMM-like messages. 
DHCT 333 

— DHCT-333-is-comiected betwee"n"the"HFC network 521 
and the customer's television set. DHCT 333 receives and 
interprets EMMs, ECMs, and GBAMs and decrypts 
instances of services. DHCT 333 further provides the cus- 
tomer interface for DBDS 501 and receives customer input 
628 from the customer. In response to the customer input, 
DHCT 333 may generate FPMs or other messages that travel 
via the reverse path to the CAA or to EAs. In a preferred 
embodiment, DHCT 333 is implemented using a combina- 
tion of general purpose processors, ASICs, and secure 
elements (which may be implemented discretely or 
integrated). For purposes of the present discussion, DflCT 
333 has three important components: service decryption 
module 625, security manager 626, and DHCT secure ele- 
ment (DHCTSE) 627. Service decryption module 625 is 
preferably implemented in an ASIC, and security manager 

626 is preferably implemented in software. DHCTSE 627 is 
a secure element for performing security and conditional 
access-related functions. 

Service Decryptor Module 625 

Service decryptor module 625 is the component of DHCT 
333 that decrypts the encrypted MPEG-2 transport stream 
packets. Service decryptor 625 receives the control words to 
be used for service decryption from DHCTSE 627. 
DHCTSE 627 controls which transport stream packets are 
decrypted by only passing the control words for authorized 
services to service decryptor 625. 
Security Manager 626 

Security manager 626 is a software module of the DHCT 
that provides an interface between applications running on 
DHCT 333 which use the conditional access system and 
DHCTSE 627. It also coordinates processing between the 
service decryptor module and DHCTSE 627. 
DHCTSE 627 

DHCTSE 627 stores keys, interprets EMMs and ECMs, 
and produces FPMs. With the EMMs and ECMs, it does the 
decryption and authentication required for interpretation and 
with FPMs, it makes the sealed digest and encrypts the FPM. 
Thus, in the preferred embodiment, EMM manager 407 is 
implemented in secure element 617. In addition, DHCTSE 

627 provides encryption, decryption, digest, and digital 
signature services for other applications executing on DHCT 
333. Secure element (DHCTSE) 627 includes a micropro- 
cessor and memory that only the microprocessor may 
access. Both the memory and the microprocessor are con- 
tained in tamper-proof packaging. In interpreting EMMs, 
DHCTSE 627 acquires and stores keys and entitlement 
information; in interpreting ECMs, DHCTSE 627 uses the 
entitlement information to determine whether DHCT 333 
receiving the ECM has an entitlement for the instance of the 
service which the ECM accompanies; if it does, DHCTSE 
627 processes the ECM, and provides the control word to 



40- 



service decryptor module 625 in a form that it may use to 
decrypt or descramble services. DHCTSE 627 further 
records purchase information for impulse-purchasable ser- 
vices such as IPPV and stores the purchase data securely 
until the data is successfully forwarded via a forwarded 
purchasing message to control suite 607. DHCTSE 627 
maintains MSK for the EAs, the private/public key pairs for 
DHCT 333, and the public keys of the conditional access 

authorities and the entitlement agents. 

-Gontr ol-Suite-607 

Control suite 607 is a member of the DNCS family of 
software. Control suite 607 controls the encryption of ser- 
vices performed by a SEES module 620 based upon input 
from the DNCS broadcast control suite component. Control 
Suite 607 also maintains^a_database-Qf-subscriber-authori-- 
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zations based upon transactions received from Administra- 
tive Gateway 511. Control suite 607 generates EMMs for 
communicating subscriber authorizations and other condi- 
tional access parameters to the DHCTSE 627. Control suite 
607 acts on behalf of entitlement agents. The EMMs gen- 
erated by control suite 607 for communicating subscriber 
authorizations and other conditional access parameters to 
DHCTSE 627 are encrypted with the public keys of the 
DHCTs 333 to which they are directed and are authenticated 
with the private key of the EA, which is maintained by 
transaction encryption device (TED) 603. DHCTSE 627 
maintains the public key of the EA and uses it to confirm the 
authenticity of EMMs generated by control suite 607 for the 
EA. 

Control Suite 607 further enables the establishment of a 
conditional access authority (CAA). Control suite 607 gen- 
erates EA allocation EMMs 413 which pass the public key 
of the EA to a DHCTSE 627. These EMMs 413 are 
encrypted as described above, but are authenticated using a 
digital signature made with the private key of the CAA, 
which is maintained by TED 603. DHCTSE 627 is pre- 
provisioned with the public key of the CAA for use in 
confirming the authenticity these EMMs 413. 

Communications between control suite 607 and the rest of 
conditional access system 601 are by means of LAN inter- 
connect devices 605 and 617. Device 605 connects Control 
Suite 607 to Administrative Gateway 505, from which it 
receives the information necessary to make ECMs and 
EMMs, and device 617 connects it to the SEES modules 620 
in the QAM modulators and to QPSK modulator 621 and 
QPSK demodulator 623, which are in turn connected to HFC 
network 521. The connection between Control Suite 607 and 
DHCT 333 via LAN interconnect device 617, modulator 
621, demodulator 623, and HFC network 521 implements 
the reverse path needed for messages such as FPM 421 and 
also implements a forward channel to DHCT 333. Tnis 
forward channel is independent of the forward channel used 
to provide the services. In conditional access system 601, 
Control Suite 607 can send EMMs or broadcast messages to 
DHCT 333 either by the forward channel just described or 
by sending them together with an instance of a service. 
Transaction Encryption Device 603 

Transaction Encryption Device (TED) 603 serves as a 
peripheral to Control Suite 607. TED 603, under the direc- 
tion of Control Suite 607, encrypts and makes sealed digests 
of various conditional access system messages, including 
EMMs. TED 603 may also generate and store (MSKs) 
which are used by SEES 620 to encrypt the control words in 
the ECMs and to decrypt the control words in DHCTSE 627. 
TED 603 further uses the MSKs to authenticate the global 
broadcast message class of conditional access system mes- 
sages. Authentication is done by hashing the contents of the 
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message together with some or all of the MSK, TED 603 
decrypts and verifies the authenticity of Forwarded Purchase 
Messages 421 sent from the DHCTs 333 as well as other 
messages sent using the reverse path, TED 603 maintains the 
private keys of the CAA and the EA and receives from the 5 
DNCS the public keys of the DHCTs from which it receives 
messages. As will be explained in more detail below, TED 
603 receives the public keys from a source that confirms the 
authenticity of each key. TED 603 finally makes a sealed 
digest for the EMMs usingjhe^pnv^eJ^y^tJie_CAA.and_io- 
~EA as appropriate forlhe EMM. 

Using the Conditional Access System to Support Services 
and Programs Executing in DHCT 333 or Service Infra- 
structure 507 

The conditional access system can be utilized to secure 15 
-me^jrovisionkg-of-a-service-ortopiwide 
to programs executing on DHCT 333 or programs in Control 
Suite 607, Secure service provision does not require that the 
DHCT programs that support the service be secure. The 
reason for this is that the following may be done only by 20 
DHCTSE 627 in DHCT 333 or by a TED 603: 

generation of the MSK; 

storage of the MSK; 

storage of the keys needed to encrypt and/or decrypt 
EMMs and to make and check sealed digests; 25 

storage of the entitlement information received from the 
EAs; 

encryption and/or decryption of EMMs; 

encryption or decryption of the control word; 3Q 

provisioning of the MSK to SEES module 607 and the 

decrypted control word to service decryption module 

625; 

making and checking digests with shared secrets; 
making and checking sealed digests; 35 
confirming that a DHCT 333 is entitled to receive a 
service. 

A program executing on DHCT 333 or a program in 
control suite 607 has no access to any of the information 
stored in DHCTSE 627 or TED 603 and can thus do nothing 40 
with EMMs and ECMs beyond asking DHCTSE 627 or 
TED 603 to generate or interpret them. For example, when 
DHCT 333 receives an EMM, it simply passes the EMM to 
DHCTSE 627 for processing; when it receives an ECM, it 
does the same; if the authorization information contained in 45 
the ECM and stored in the DHCTSE 627 indicates that 
DHCT 333 is entitled to the service, DHCTSE 627 provides 
the decrypted control word to service decryption module 
625. 

The conditional access system can also do security check- 50 
ing for programs generally. For example, a program execut- 
ing on DHCT 333 that requires downloaded information 
from a server application may expect that a sealed digest was 
added to the information before it was downloaded, and the 
program may use DHCTSE 627 to check the sealed digest 55 
and determine whether the information is authentic, but it is 
up to the program to decide what to do with the information 
when DHCTSE 627 indicates that it is not authentic. 
Details of Messages in Conditional Access System 601 

In conditional access system 601, the ECM, the EMM, the eo 
FPM, and the GBAM are all different types of conditional 
access messages. The conditional access messages all have 
a common format, namely a header, the message itself, and 
a message authentication code, or MAC. The header con- 
tains the following information: 65 

the type of the message, i.e., whether it is an ECM, EMM, 
GBAM, or something else; 



the length of the message; 

an identifier for the conditional access system; 

an identifier for the type of security algorithm used with 
the message, including encryption of the message and 
authentication of its contents; and 

the length of the message content. 

The header is followed by the encrypted message and the 
MAC, which, depending on the message type, may be a 
sealed digesi or a digest made with some or all of the MSK 
-together-withthemessage: 

In digital broadband delivery system 501, CA messages 
may travel either in a MPEG-2 data stream or in an IP 
packet, that is, a packet made according to the rules of the 
Internet Protocol. Also, other transport protocols such as 
ATM may be used. In the_rjreferred-embodiment,~messages 
"from control suite 607 to DHCT 333 may travel in MPEG-2 
or IP packets; messages from DHCT 333 to control suite 607 
travel as IP packets on the reverse path provided by QPSK 
demodulator 623 and LAN interconnect device 617. In 
general, messages to DHCT 333 which are closely associ- 
ated with particular instances of services, such as ECMs and 
GBAMs, travel in the MPEG-2 data stream; EMMs may 
travel either in the MPEG-2 transport stream or as IP packets 
via LAN interconnect device 617 and QPSK modulator 621. 
CA Messages in the MPEG-2 Transport Stream: FIG. 7 

FIG. 7 is a schematic representation of an MPEG-2 
transport stream 701. An MPEG-2 transport stream is made 
up of a sequence of 188-byte long transport packets 703. The 
packets 703 in the stream carry information that, when 
combined at DHCT 333, defines an instance of a service and 
the access rights of a given DHCT 333 to the service. There 
are two broad categories of information: program 709, 
which is the information needed to produce the actual 
pictures and sound, and program specific information (PSI) 
711, which is information concerning matters such as how 
the transport stream is to be sent across the network, how the 
program 709 is packetized, and what data is used to limit 
access to the program 709. Each of these broad categories 
has a number of subcategories. For example, program 709 
may include video information and several channels of 
audio information. 

Each transport packet 703 has a packet identifier, or PID, 
and all of the packets 703 that are carrying information for 
a given subcategory will have the same PID, Thus, in FIG. 
7, the packets carrying Video I all have PID (a), and the 
packets belonging to that subcategory are identified by 
705(a), Similarly, the packets carrying Audio 1 all have PID 
(b), and the packets belonging to that category are identified 
by 705(b). A subcategory of information can thus be iden- 
tified by the PID of its packets. As shown at output packets 
707, the output from mux 704 is a sequence of contiguous 
individual packets from the various subcategories. Any part 
or all of MPEG-2 transport stream 701 may be encrypted, 
except that packet headers and adaptation fields are never 
encrypted. In the preferred embodiment, the sets of packets 
making up program 709 are encrypted according to the DES 
algorithm, with the control word as a key. 

Two of the subcategories are special: those identified by 
PID 0 (705(e)) and PID 1 (705(c)) list the PIDs of the other 
packets associated with the service(s) and thus can be used 
to find all of the information associated with any service. 
The packets in PID 1 705(c) have as their contents a 
conditional access table 710, which lists the PIDs of other 
packets that contain EMMs. One set of such packets appears 
as EMM packets 705(d), as indicated by the arrow from CAT 
710 to packets 705(d). Each packet 703 in packets 705(d) 
contains private information, that is, information which is 
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private to conditional access system 601. As will be the odd control word (after suitable encryption) becomes 

explained in more detail below, private information 713, for part of ECM_entitlement_unit__message 1011, and, in its 

the purposes of this invention, is a sequence of CA non-encrypted form, is used together with some or all of the 

messages, each of which contains an EMM, and private MSK as input to the MD5 one-way hash function to produce 

information 719, is a sequence of messages, each of which 5 ECM MAC 1013. The same procedure is used with the 

contains an ECM. even-parity control word. The contents other than the control 

The packets in PID 0 705(e) contain a program associa- word of ECM_entitlement unit_message_1011 will be 

tion table which lists PIDs of packets that are associated with examined in more detail later, 

a particular instance of a service. One such set of packets is EMM S tni dure Details: FIG. 11 



piogram maps packets 705(f), which contain a pj^gram_map_io FIG. JLshows-a-GA-message-805 _ whicrT~contains an 

— table-717-that-lists,-am^^ PIDs of EMM 1112. CA message 805 has a header 1003, a CA EMM 

transport packets 703 containing ECMs for the program. message 1101, and a sealed digest 1103. CAEMM message 

One such set of packets is shown at 705(g). Each of the 1101 consists of CA EMM message header 1105, EMM 

transport packets contains private information 719, which in message 1107, and CRC error detection code 1109. EMM 

this case is a sequence of CA messages, each of which 15 message llO' Mn its turn contains EMM-header-1113-and- 

contains an ECM . EMM3nsia , e_data 1115. EMM_inside_data 115 is 

FIG. 8 shows in detail how EMMs are carried in transport encrypted using the public key of the DHCT 333 for which 

packets 703. The payload space 719 in the packets carries it is intended. The data which is encrypted is EMM data 

data from a CA_PRIVATE_SECTION layer 803, which in 1129, which in turn is made up of EMM_inside_header 

turn contains a sequence of CA messages 805, each of which 20 1123 and EMM command_data 1125 together with padding 

contains an EMM 807. In the sets of packets 705(g) carrying 1127. EMM data 1129 is also input to the MD5 one-way 

ECMs, the control words in the ECMs are encrypted using hash function to produce EMM MAC 1119 and sealed digest 

the 3DES algorithm with the MSK as key; in the sets of 1103 is made by encrypting EMM_signing_header 1117, 

packets 705(d) carrying EMMs, the EMMs are encrypted EMM MAC 1119, EMM_signing header 1117, and padding 

using the public key of DHCT 333 for which they are 25 1121 with the private key of either an entitlement agent or 

intended. As will be immediately apparent, the techniques a conditional access authority, depending on what kind of 

just described can be employed to transmit any CA message EMM it is. 

805 as part of an MPEG-2 transport stream. The EMM__signing_header is information from the 

Mapping CA Messages into IP Protocol Packets: FIG. 9 EMM_inside_header. This information is particularly sen- 

FIG. 9 shows how EMMs are mapped into the Internet 30 sitive and is consequently encrypted by both the public key 

Protocol (IP) packets used to communicate between control of DHCT 333, for privacy reasons, and the private key of the 

suite 607 and DHCT 333 via LAN device 617 and QPSK entitlement agent or the conditional access authority, to 

modulator 621 and demodulator 623. An IP packet 903 is a apply a digital signature. Upon reception, and after the 

variable-length packet that consists simply of a header and privacy decryption, if the signature verification fails, the 

a payload. The header contains source and destination IP 35 EMM is discarded by DHCT 333. Included in this informa- 

addresses for the packet. With an EMM, the source address tion are an ID for the conditional access system, the type of 

is the IP address of the CAor EA, and the destination address the CA message, the serial number of the microprocessor in 

is the IP address of DHCT 333. In the preferred embodiment, the DHCT's DHCTSE 627, an identifier for the CAA or EA 

the IP address of DHCT 333 is constructed using its serial which is the source of the EMM, an indication of which of 

number. The IP addresses in DBDS 501 are partitioned by 40 the three public keys for the CAA in DHCT 333's secure 

HFC node 523. The payload of the IP packet is a packet 905 element is to be used to decrypt the sealed digest, and an 

belonging to the User Datagram Protocol (UDP) which has indication of the format of the EMM. The contents of EMM 

as its payload a CA_PRIVATE_SECTION 803, which in command_data 1125 will be explained in more detail in the 

turn contains a sequence of CA messages 805, each of which discussion of the operations performed using EMMs. 

contains an EMM 807. 45 Details of DHCTSE 627: FIGS. 12-14 

ECM Structure Details: FIG. 10 DHCTSE 627 has five main functions in conditional 

FIG. 10 shows details of the structure of an ECM 1008 access system 601: 

and shows the mapping 1001 from an ECM 1008 to a set it securely stores keys including the public and private 

705(e) of MPEG-2 transport packets 703. As before, the data k eys f or DHCT 333, public keys for the CAA, public 

of a CA^_PRIVATE_SECTION 803 is carried in a set of so keys for EAs from which DHCT 333 is authorized to 

MPEG-2 transport packets 703 with the same PID. The data receive services, and MSKs provided by those EAs. 

is a header 1003 for private section 803 and a sequence of , t secufel stores entitlement information sent by the EAs. 

CA messages 805, each of which includes a CA message . , , , 

header 1005, a CA ECM message 1007, and an ECM MAC li decr yP ts > authenticates, and responds to EMMs. 

1013. CA ECM message 1007 and ECM MAC 1013 55 11 decrypts the control words in the ECMs, authenticates 

together make up ECM 1008. the ECMs, and when DHCT 333 is authorized to 

FIG. 10 also shows how the control word is protected in receive the service instance to which the ECM belongs, 
ECM 1008 and how ECM MAC 1013 is produced. The il provides the control word to service decryptor 625. 
control word is a random value that is either encrypted using It provides encryption, decryption, and authentication 
3DES encryption or created by encrypting a counter value 60 services to applications running on DHCT 333. 
using 3DES encryption, using the MSK as the key. In either DHCTSE 627 includes a microprocessor (capable of 
case, the preferred embodiment calls for an MSK which is performing DES), specialized hardware for performing RSA 
made up of two 56-bit DES keys, and the 3DES encryption encryption and decryption, and secure memory elements. All 
operation is a sequence of three DES operations: encryption of the components of DHCTSE 627 are contained in a single 
using the first DES key, decryption using the second DES 65 tamper-proof package, such as a package that upon attempt- 
key, and encryption using the first DES key. The control ing to access the information contained within the informa- 
word, too, may have even or odd parity. As shown at 1013, tion is destroyed. Only the components of DHCTSE 627 
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have access to the information stored in the secure memory NVA storage 1303 has two main components: adminis- 

elements. Any attempt by a user to gain access to any of the trative storage 1330 and EA storage 1331. Administrative 

parts of DHCTSE 627 renders DHCTSE 627 unusable and storage 1330 contains DHCT keys 1325, CAA keys 1329, 

its contents unreadable. DHCTSE 627 may be an integral and CAA data 1330. Beginning with DHCT keys 1325, each 

part of DHCT 333 or it may be contained in a user- 5 DHCT 333 has two public-private key pairs. The public key 

installable module such as a "smart card". The user "per- of one of tne pairs serves as the publ j c key ^ l0 encr yp t 

sonalizes" the DHCT 333 by installing the module in it. EMMs sent to DHCT 333, and the private key is used in 

r^^i 2 ^ r °y ide ? an °y erview of the ™ mp ^t n ™ f DHCT 333 to decrypt the messages; the private key of the 

DHCTSE 627. As shown, the components of DHCTSE 627 Qthcr of lhe ^ ^ lQ cnc b \ di * esls of 

T neCied i° " bUS l205 - Be S innm g W *V^?— 10-me^^ 

_1203 Jo4he-general-purpose-processoT"iipon"which applica- *i_ *_ i i * * li * *l t J I j- * c 

tions execute in DHCT 333, interface 1203 permits passage other network el ^ ents '° ^ C ?£ ^ Sealed dl f sts of 

of data between the remaining components of DHCT 333 received f^m DHCT 333^e pairs of keys are 

and DHCTSE 627, but does not permit components in the inst * lled in DHCTSE 627 when DHCTSE 627 is manufac- 

remainder of DHCT 333 to address and read the contents of Hired. 

secret values in memory in DHCTSE62T Micro processor 15 InjyMrfenecLOT^im^ 

-l-201-executesnhe^de~fcT^oihg^ncryption, decryption, 333 maintains a certified database which has the serial 

and authentication and interpreting EMMs and ECMs; RSA number of each DHCT together with the pair of public keys 

hardware 1217 is special hardware performing the calcula- belonging to it. When a CAA or EA wishes to begin sending 

tions involved with RSA encryption and decryption. EMMs to a DHCT 333, it sends a message to control suite 

Memory 1207 contains the code executed by micropro- 20 607 with the serial number of the DHCT. Control suite 607 

cessor 1201, the keys, and the entitlement information. In a responds to the request by requesting the public key for the 

preferred embodiment, there are two kinds of physical DHCT from a database maintained by the manufacturer of 

memory in memory 1207: ROM 1219, which is read-only DHCT 333. The database responds to the message by 

memory whose contents are fixed when DHCTSE 627 is sending control suite 607 certified copies of the public keys 

manufactured, and non-volatile memory (NVM) 1209, 25 for the DHCT. The manufacturer thus functions as the 

which can be read and written like normal random-access certification authority for the keys. Control suite 607 stores 

memory, but which retains its current values when DHCTSE the public keys in a database of its own. For details on key 

627 is without power. Non -volatile memory 1209 is orga- certification, see Schneier, supra, pages 425-428. Getting 

nized as a set of non-volatile storage cells (NVSCs) the public keys for the DHCT from the manufacturer has two 

1211(0 . . . n), as described in U.S. Pat. No. 5,742,677, 30 advantages: first, it solves the problem of certifying the keys; 

Pinder, et ah, Information Terminal Having Reconfigurable second, because the public keys come from the manufacturer 

Memoryhlcd Apr. 3, 1995. and not firom DHCT 333, there is no requirement in condi- 

As will be explained in greater detail below, code execut- tional access system 601 that DHCT 333 have a reverse path 

ing in microprocessor 1201 dynamically allocates NVSCs to control suite 607. 

1211 to entitlement agents. In the preferred embodiment, 35 CAA keys 1329 are public keys for the conditional access 
NVM 1209 is used for the storage of information which can authority. In a preferred embodiment, CAA keys 1329 
be rewritten by means of EMMs, and ROM 1219 is used for include three public keys for the conditional access author- 
code which will not change during the life of DHCTSE 627. ity. These keys are originally installed when DHCTSE 627 

FIG. 13 is a schematic overview of the contents of is manufactured, but may be changed in response to EMMs, 

memory 1207 in DHCTSE 627. The memory is divided into 40 as will be explained in more detail below. CAA data 1330 

two main parts: read-only storage 1301, which contains code includes parameters used by the CAA in managing EA 

and other information that does not change as a result of the storage 1331, and maps which map NVSCs belonging to 

interpretation of EMMs, and NVA storage 1303, which is particular entitlement agents to 8 -bit names and thereby 

non-volatile storage that changes as a result of the interpre- permit the CAA and the entitlement agents to manipulate the 

tations of EMMs. RO storage 1301 contains code 1305. 45 NVSCs 1211 by name. 

Code 1305 falls into four categories: code 1307 for the Entitlement agent 1331 has EA information 1331 for each 

encryption, decryption, and authentication operations per- entitlement agent from which DHCT 333 containing 

formed by DHCTSE 627, code for interpreting EMMs 1313, DHCTSE 627 can obtain services. The CAA uses EMMs to 

code for interpreting ECMs 1321, and code for handling allocate NVSCs 1211 for an entitlement agent and the 

other CA messages such as the FPM and the GBAM. Code 50 entitlement agent then uses EMMs to set the contents of its 

1307 includes code 1308 for the MD5 one-way hash entitlement agent information 1333. 

algorithm, the code 1309 for the RSA public key algorithm, FIG. 14 shows how NVSCs 1211 are organized into EA 

and the code 1311 for the 3DES algorithm. EMM code 1313 storage 1331 in a preferred embodiment. There are two 

falls into three classes: code 1315 which interprets EMMs kinds of NVSCs 1211: "skinny" NVSCs, as shown at 1405, 

received from a conditional access authority, code 1317 55 and "fat" NVSCs, as shown at 1409. AfatNVSC is made up 

which interprets EMMs employed by the entitlement agents of a number of skinny NVSCs. The storage 1403, which 

to configure the storage allocation they receive firom the contains the three CAA public keys, also contains two 

CAA, and code 1319 which interprets EMMs containing pointers: one, 1402, to a free list 1407 of unallocated skinny 

MSKs and entitlements. Code 1315, 1317 and 1319 thus NVSCs and the other, 1404, to an entitlement agent list 1406 

implements EMM manager 407 in a preferred embodiment. 60 of allocated fat NVSCs 1409. There is such a fat NVSC 

The code for interpreting ECMs 1321 decrypts the control 1409(f) for each entitlement agent from which DHCT 333 

word contained in the ECM and checks whether DHCT 333 may receive services. Each of these NSVCs 1409(f) may 

is permitted to access the instance of the service that the also have a list 1411 of NVSCs, which may be skinny 

ECM accompanies; if so, the code provides the decrypted NVSCs 1405, fat NVSCs 1409, or a combination of both. A 

control word to service decryption module 625. The code for 65 given NVSC 1409(f) and its list of skinny NVSCs make up 

other CA messages 1323 deals with messages such as the EA information 1333(f) for an EA. The fat NVSC 1409 is an 

FPM and GBAM. EA descriptor. As shown at 1333(f), the skinny NVSCs 1411 
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contain information for the services provided by the entitle- that is permitted for the EA and as long as the total number 

ment agent such as an MSK for a service, a bit map of of NVSCs of the type belonging to the EA does not exceed 

entitlement information, and information needed for inter- the limit set by the CAA that authorized the EA. 

active services such as IPPV Once the CAA has allocated the EA storage area in the 

Control of NVA Storage 1303 5 DHCTSE, it is up to the EA to configure the storage area. 

In a preferred embodiment, allocation and de-allocation The first step is to load certain parameters such as a PIN into 

of the NVSCs 1211 may be ultimately controlled by either a descriptor for the EA. The second step is to determine 

the CAA or DHCTSE 627. When the CAA controls alloca- which types of NVSCs are to be used for the protected 

tion and de -allocation, the CAA, usually representing the services to be ottered. The names allocated by the CAA are 
.operator, of J}BDS-501,-negQtiates-wth^ 

ment agents and agrees on an allocation of the various types each NVSC is loaded by sending the appropriate EMM. 

of NVSCs for that entitlement agent. EA administrative code Addressing EMMs 

1317 checks when it is interpreting EMMs from an entitle- In the conditional access layer, EMMs are addressed to a 
ment agent to ensure that the entitlement agent does not use specific DHCTSE 627, indexed by CAA or EA. This index- 
more NVSCs of each ty pe than t hose all ocated to it. ^i^ing.isJakenxare-of-in-EMM-header-U13 r which-meludes a- 

WHerT T)HCTSE~1>27 controls NVA storage 1303, the unique identifier for the CAA or EA that is the source of the 

operator of the CAA negotiates with each of the service EMM, and that therefore is associated with the private key 

providers and agrees on the allocation of storage needed for used to make the EMM's sealed digest. The EMM header 

the services provided. The CAA then sends an encrypted also includes the serial number for DHCTSE 627. The 

message to the entitlement agent. The encrypted message 20 DHCTSE 627 responds only to those EMMs that include its 

contains the allocation based on data types, and the entitle- serial number. When a CAA is the source of the EMM, there 

ment agent prevents the service provider from asking for is also a value in the header indicating which of the CAA 

more resources than were negotiated. If DHCTSE 627 public keys is the public key for the source of the message, 

nevertheless receives requests for storage area above what is Conditional access messages may be transported in other 

available in NVA 1303, it indicates to the user of DHCT 333 25 data protocols, which may include other addressing mecha- 

via the user interface that no more storage is available and nisms. DHCTSE 627 ignores EMMs that are addressed to a 

requests the user to either remove some service provider CAA or EA that is not "known" by DHCTSE 627 (i.e., 

resources or to rescind the request. EMMs for which there is no CAA corresponding to the 

Details of Operations Specified by EMMs CAAID or EA that corresponds to the EAID). As will be 

In the following, examples of operations specified by 30 explained in more detail below, information about individual 

EMMs will be given, beginning with changing a CAA public entitlements is contained in NVSCs 1211 for the entitle- 

key, continuing through establishing an EA in DHCTSE ments. Each of these NVSCs has a type, and an EA may 

627, and ending with providing entitlement information for change the type or contents of an NVSC 1211 by sending an 

broadcasts, events, and interactive services. In the preferred EMM which specifies the name of the NVSC 1211 to be 

embodiment, a single CAA controls the allocation of EA 35 altered. DHCTSE 627 will alter the NVSC 1211 as indicated 

storage 1331 to entitlement agents. In other embodiments, in the EMM unless the entitlement agent does not have an 

there may be more than one CAA. There are two kinds of NVSC with that name or the change violates a constraint set 

entitlement information: that for broadcast services and that by the CAA. In those cases, the EMM is ignored by 

for interactive services. Storage for broadcast entitlements is DHCTSE 627. Conditional access system 601 does not 

more permanent than that for interactive entitlements. 40 require that digital broadband delivery system 501 have a 

The amount of memory 1207 in DHCTSE 627 is limited. reverse path, or, if one exists, that any bandwidth on the 

The CAA manages this scarce resource and allocates it to the reverse path be available to the EMM conditional access 

entitlement agents from which DHCT 333 receives services. function. Consequently, DHCT 333 does not return any 

Different EAs may have different amounts of storage area acknowledgment, confirmation, or error messages in 

allocated, depending on their needs. Once an EA has 45 response to an EMM. Therefore, the CAA or EA that is the 

received an allocation from the CAA, the EA may configure source of an EMM should track the allocations of NVSCs 

the storage area within limits defined by the CAA. Different 1211 and send only EMMs that request legal operations. In 

EAs may have different limits and different types of limits. other embodiments, a reverse path may be required, and for 

At one extreme, the CAA only restricts the total number of these embodiments, the reverse path can be used for 

NVSCs 1211 that an EA may have in its EA information 50 acknowledgment or error messages. 

1333. The CAA may impose tighter restrictions by limiting Changing a CAA 

the types of NVSCs 1211 and/or the number of each type. In As previously indicated, a CAA is represented in 

this way, the CAA can prevent the EA from offering specific DHCTSE 627 by its public key. Three public keys for the 

kinds of services and can limit the amount of such services CAA are installed in DHCTSE 627 when it is manufactured, 

offered, i.e., the amount of time that such services are 55 A need may occasionally arise to change the CAA of 

offered. DHCTSE 627. One circumstance under which such a need 

When a CAA allocates fat and skinny NVSCs 1211 for an would arise would be if the private key for the CAA had 

EA, it gives each allocated NVSC 1211 a "name", i.e., each been compromised; another would be if a new entity has 

NVSC 1211 has an identifier, such as an 8-bit identifier, that taken over the function of authorizing entitlement agents, 

the CAA associates with the EA for which it has allocated 60 That might happen, for example, as a consequence of the 

the NVSCs 1211. The CAA and the EA use the name for the sale of all or part of a DBDS 501. 

NVSC 1211 to refer tu ii in EMMs that manipulate the Any one of the public keys for a CAA can be replaced by 

NVSC. An NVSCs name need not have anything to do with means of a sequence of two EMMs, the first of which has a 

its physical location in NVM 1209. Since the name space is sealed digest encrypted with the private key corresponding 

8-bits wide, the names are assigned using a 256-bit map. If 65 to a first one of the other two public keys, and the second of 

an entitlement agent has the name of an NVSC, it may make which has a sealed digest encrypted with the private key 

the NVSC into any type of NVSC as long as the type is one corresponding to the second one of the other two private 
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keys. Each of the two EMMs contains an identifier, the 
CAAID for the new CAA, a key select value indicating 
which of the three CAA public keys is to be replaced, and 
the public key for the new CAA. After the first EMM is 
successfully authenticated by DHCTSE 627 by verifying the 5 
digital signature applied by the first CAA key, DHCTSE 627 
computes a MD5 hash of the new CAA public key in this 
first EMM and stores it. After the second EMM is success- 
fully authenticated by the DHCTSE by verifying the digital 
signature applied by the second CA Ajcey,Jhe_DHCTSE_iO 

"computes a MD5 hash of the new CAA public key included 
in this second EMM. This second hash is compared with the 
first. If the hashes are identical, the new CAA public key and 
CAAID are substituted for the public key and CAAID of the 
CAA specified by the key select value. Asingle CAA public 15 

_key-must-not be-changed-twice-withoutone"Cif thecrther two 
CAA public keys being changed in between. 
Dynamically Adding and Removing Entitlement Agents in 
DHCTSE 627: FIG. 15 

When a CAA authorizes a DHCT 333 to receive services 20 
from an entitlement agent, it does so by sending a sequence 
of EMMs that create an entitlement agent descriptor FAD 
1409 for the new entitlement agent. FIG. 15 shows a detailed 
view of an EAD 1409(f) as created by the CAA EMMs. 
Header 1502 is common to all NVSCs 1211. Cell status 25 
1501 indicates whether the NVSC 1211 is allocated. Cell 
type 1503 indicates what kind of data it contains; with an 
EAD 1409. Cell type 1503 indicates that the cell is a "fat" 
NVSC. Cell name 1505 is the 8-bit name that the CAA gives 
the cell when it allocates it. The names are per-EA. That is, 30 
the EA information 1333 for an EA may include up to 255 
NVSCs. Next element 1507 is a pointer to the next element 
in the list to which the NVSC belongs. Thus, in an unallo- 
cated NVSC, it is a pointer to the next NVSC in free list 
1407; in an EAD 1409, it is a pointer to the next element in 35 
EAD list 1406, and in a skinny NVSC that is part of a list 
1411, it is the next skinny NVSC in that list. Next element 
1507 is set in response to whatever EMM causes the list to 
be manipulated. 

The remaining fields are particular to EADs 1409. The 40 
fields labeled 1506 in FIG. 15 are all set by EMMs from the 
CAA. EAID 1509 is an identifier for the entitlement agent 
to which EAD 1409 belongs; in the preferred embodiment, 
EAID 1509 is used to locate EAD 1409 for a given entitle- 
ment agent. CAA flags 1511 are a set of flags that indicate 45 
(1) the classes of service to which the entitlement agent can 
grant access and (2) whether the public key for the entitle- 
ment agent is installed in EAD 1409. First skinny NVSC 
1513 is a pointer to skinny NVSC list 1411 belonging to EA 
information 1333 to which EAD 1409 belongs. EA maxi- 50 
mums 1515 define the maximum amounts of services for the 
EA to which EA information 1333 belongs. The last field 
1506 set by the CAA is EA public key 1527, which is the 
public key for the EA to which EA information 1333 
belongs. 55 

The fields in EA fields 1516 contain information that is 
associated with the customer to whom DHCT 333 belongs. 
The fields arc set by an EMM received from the EA after 
EAD 1409 has been allocated and fields 1506 have been set. 
DHCT flags 1517 include flags indicative of the services 60 
provided by the EA that this specific DHCT 333 is presently 
entitled to receive. Stored credit limit field 1519 is used with 
instances of impulse services, i.e., instances of services that 
need not be purchased in advance. Stored credit limit field 
1519 indicates the maximum amount of a service that an 65 
interactive customer can use without authorization from the 
EA. As will be explained in detail below, authorization is 



obtained by sending an FPM to the EA and receiving a 
confirming EMM from the EA. X coordinate 1521 and Y 
coordinate 1523 define a location of DHCT 333 in a coor- 
dinate system (to be explained more fully later) established 
by the entitlement agent. The coordinate system may be 
geographic and may, for example, be used to determine 
whether the DHCT 333 is in an area which is to be blacked 
out in a broadcast. The coordinate system may also be used 
generally to define subsets of an EA's customers. For 
jns^ajic^,ihe_X_CQorc^ 

define customers who do not wish to receive movies that 
have ratings other than G or PG-13. The PIN is a multi- 
character code that the customer for the DHCT uses to 
identify himself or herself to the entitlement agent. 
The EMMs that the CAA sen ds to set u p EA informatio n _ 
-1333"for"a"rTEA"^e~flie~f611owing: 

Set EA Allocation Name Map 

Set EA Maximum Allocations 

Update Entitlement Agent Public Key 

EMM header 1113 in all of these EMMs contains a 
CAAID for the CAA, and all of the EMMs have a sealed 
digest that has been encrypted with the CAA's private key. 
The CAA may use these EMMs not only to set up EA 
information 1333, but also to modify already existing EA 
information 1333 for an EA and to remove EA information 
1333 for an EA. When the latter has been done, DHCTSE 
627 will no longer respond to EMMs or ECMs from the 
entitlement agent. 
Set EA Allocation Name Map 

The Set EA Allocation Name Map EMM contains an 
EAID, which uniquely identifies the EA for which the EA 
information 1333 is being created or modified, and a name 
map. The map has a bit for each name; when the CAA has 
allocated a NVSC for the EA, the bit corresponding to the 
NVSCs name is set. CAA EMM code 1315 responds to this 
EMM by allocating the NVSCs required for EA information 
1333, mapping the names for the EAID to the physical 
locations of NVSCs, making list 1411 and setting first 
NVSC flag 1513 to point to it, adding the new EA Descriptor 
1409 to the head of EA list 1406 and setting next element 
pointer 1507 accordingly, and filling out header fields 1502 
and EAID field 1509. 

CAA EMM code 1315 stores the current name map for the 
EA in CAA data 1330 and consequently can compare the 
name map in a newly-received Set EA Allocation Name 
Map EMM with the current name map. If a name is specified 
in both name maps, the Set EA Allocation Name Map 
command does not affect the NVSC 1211 with the name. If 
the name map in the EMM specifies a name that was not in 
the current name map, an NVSC 1211 corresponding to that 
name is added to list 1411. If the name map in the EMM no 
longer specifies a name that was previously allocated to the 
entitlement agent, the NVSC 1211 corresponding to that 
name is returned to free list 1407. After this is done, the 
name map in the EMM becomes the current name map. 

Typically, an entitlement agent and a conditional access 
authority will cooperate in determining how large list 1411 
should be. For example, if an entitlement agent needs less 
space, it will send a message to that effect to the CAA, the 
message will contain the names of the NVSCs 1211 that the 
entitlement agent wishes to have removed, and the name 
map in the EMM sent by the CAA will specify only the 
names of the NVSCs 1211 that the entitlement agent wishes 
to keep. It may, however, happen that the entitlement agent 
is not cooperative or that the conditional access authority 
must reduce the size of list 1411 for the entitlement agent 
before it receives a message from the entitlement agent. In 
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that case, the CAA may remove NVSCs 1211 from list 1411 
by the value of the name, beginning with the name with the 
highest numeric value, continuing with the next highest, and 
so on, until the required number of NVSCs 1211 have been 
removed. 

The CAA can also use the Set EA Allocation Name Map 
EMM to remove EA information for an EA from DHCTSE 
627. When the EMM is used in this fashion, none of the bits 
in the name map are set. CAA EMM code 1315 responds by 
returning all of the NVSCs in the EA information 1333 and_ 
_EA Descriptor-1409(0 for the-EA ideotifieTl by thTEAIDlF 
the EMM to free list 1407 and re-linking EA list 1406 as 
required. 

Set EA Maximum Allocations 

The Set EA Maximum Allocations EMM contains the 15 

EAID for the EA havmg ihe_entitlement-information-1333 

1fiaTis~being created or modified and also contains values for 
fields 1511 and 1515 of EAD 1409. CAA EMM code 1315 
responds to this EMM by reading down EA list 1406 until 
it finds EA descriptor 1409 with the EAID specified in the 20 
EMM and then setting fields 1511 and 1515 of EAD 1409 
using the values in the EMM. When an entitlement agent 
sends an EMM to DHCTSE 627 that establishes entitlement 
information of a certain type, for example, for an event, the 
code that interprets the EMM checks the EA maximum 25 
allocations to determine whether the maximum number of 
entitlements for that EAhas been exceeded. In the preferred 
embodiment, entitlements are represented by NVSCs. 
Consequently, what is limited is the number of NVSCs of a 
given type in list 1411. 30 
Update Entitlement Agent Public Key 

The Update Entitlement Agent Public Key EMM contains 
the EAID for the EA having the entitlement information that 
is being created or modified and the EA's public key. CAA 
EMM code 1315 responds to this EMM by locating EA 35 
descriptor 1409 as described above and setting field 1527 
from the public key in the EMM. With the EA's public key 
in place, DHCTSE 627 can then use the signed digests of the 
EMMs to verify that they are from the EA. This verification 
is possible since the EA uses the private key corresponding 40 
to the updated public key to perform the signing operation. 
EA EMMs that Modify Entitlement Information 1333 

The EA EMMs that modify entitlement information have 
sealed digests that are encrypted using the EA's private key. 
The EMMs fall into two groups: EMMs that modify EA 45 
fields 1516 of EAD 1409 and EMMs that modify contents of 
the NVSCs making up list 1411. As set forth with regard to 
EAD 1409, each NVSC has a name, and each NVSC in list 
1411 has a type. An NVSC is named by the CAA, as 
described above, and its name cannot be changed by the 50 
entitlement agent. The entitlement agent can, however, 
change the type and contents of a NVSC, subject only to the 
maximums for the types established in EAD 1409 for the 
EA. It is up to the entitlement agent to keep track of the types 
and contents of the NVSCs in EA information 1333. 55 

The EMM that modifies EA fields 1516 of EAD 1409 is 
the Update Entitlement Agent Properties EMM. The second 
group of EMMs is further subdivided according to the kinds 
of entitlements they provide. There are two broad families of 
entitlements: broadcast entitlements for non -interactive ser- 60 
vices and interactive entitlements for interactive sessions. 
Within the broadcast entitlements, there are further event 
entitlements for events that the user pays for individually, as 
is the case with pay-per-view events, interactive pay-per- 
view events, and near video-on-demand events. The non- 65 
event broadcast EMMs include: 

Update MSK 



Update Digital Bit Map 
Update Digital List 
Update Analog MSK and Bit Map 
Update Analog MSK and List 
Update Analog Bit Map 
Update Analog List 
The broadcast EMMs for events include 
New Event Storage 



Add/Remove-pPV Event 

Acknowledge IPPV/NVOD Event 
The EMMs for interactive sessions include 
New Interactive Session Storage 
Add Interactive Session 



"Remove Interactive Session 



As can be seen from the names of the EMMs, the EAcan 
change the type of the named NVSCs allocated by the CAA 
as needed for events and interactive sessions, subject only to 
the maximums specified in EAD 1409. 

There are separate CAA EMMs for allocating NVSCs, 
setting limits on types of NVSCs, and assigning a public key 
to an entitlement agent. Also, the EA EMMs for writing 
NVSCs 1211 do so by name and can change the NVSC 1211 
type as well as its content. Therefore, access control system 
601 has a high degree of control and flexibility, A CAA may 
dynamically constrain the total number of entitlements that 
an entitlement agent may give, the types of entitlements, and 
the number of entitlements of each kind as required. The 
CAA may also change the constraints either in part or as a 
whole, and can do so either in cooperation with the entitle- 
ment agent or unilaterally. Within the constraints imposed by 
the CAA, however, the entitlement agent is free to dynami- 
cally manage its own entitlements, changing not only 
entitlements of a given type, but even changing the types 
themselves. 

Update Entitlement Agent Properties 

This EMM contains the values for EA fields 1516 of EAD 
1409. EA administration EMM code 1317 reads EMM 
header 1113 to get the EAID for the EA to which the EMM 
is directed and simply sets fields 1516 in EAD 1409 for the 
EA from the EMM. 
Non-Event Broadcast EMMs 

Of the non-event broadcast EMMs, four types will be 
discussed here. These are Update MSK, Update Bit Map, 
Update List, and update combinations with MSK and list or 
bitmap. Those skilled in the art will be able to easily apply 
the principles explained below to EMMs that perform the 
functions indicated by the names of the other non-event 
broadcast EMMs. For example, the principles of digital 
EMMs can be applied to analog EMMs. There is a separate 
type of NVSC 1405 for each information type provided by 
the above non-event broadcast EMMs. FIG. 16 shows the 
contents of four of these types of NVSCs. Each NVSC type 
will be discussed together with the EMM that provides the 
information it contains. 
Update MSK 

The Update MSK EMM is used to send a new MSK for 
a set of services provided by the EA specified by the EMM. 
The new MSK and other information associated with the 
MSK are stored in MSK NVSC 1601 in list 1411 for EA 
information 1333 belonging to the EA specified by the 
EMM. Included in MSK NVSC 1601 is header 1502. 
Header 1502 specifies that NVSC 1601 is a MSK NVSC, 
gives the NVSCs name, and contains next element pointer 
1507 to the next element in list 1411. The other fields contain 
information about the MSK. In the preferred embodiment, 
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MSK 1608 has two 128-bit parts: the even MSK 1609 and 
the odd MSK 1611. Each part has two halves, i.e., a first half 
and second half, each of which has 56 key bits and 8 unused 
parity bits. The MSK 1608 is associated with a pair identifier 
1603 for MSK 1608, an expiration date 1605 for MSK 1608, 
and a flag 1607 indicating whether the value of expiration 
date 1605 should be ignored. If the expiration date 1605 is 
not to be ignored, DHCTSE 627 will not use MSK 1608 to 
decrypt a control word after the expiration date. The iden- 
tifier 1603 is perJE Aj^ancLconsequentlVj-a given-EA-may- 
have one or more MSK NVSCs 1601 at any given time to 
store a plurality of different MSKs. Thus, conditional access 
system 601 not only permits separate security partitions for 
each EA, but also permits security partitions within an EA. 

The Update MSK EMM header contains the EAID 
— neede^~to^ocate~EA"infoTmatioEri333 for the EA; the 
message contains the name of the NVSC that is to receive 
the MSK, a MSK pair selector which specifies a MSK pair 
ID for the MSK to be updated, a set of flags permitting the 
EA to selectively change MSK pair ID 1603, expiration date 20 
1605, no expiration date 1607 and either half of MSK 1608, 
and the information needed to make the changes. At a 
maximum, the EMM contains a value for MSK pair ID 
1603, a value for expiration date 1605, a value for no 
expiration date 1607, and values for even MSK 1609 and 25 
odd MSK 1611. EA MSK code 1319 processes the Update 
MSK EMM by locating EA Information 1333 for the EA 
identified by the EMM header's EAID, using the cell name 
to locate the proper NVSC, giving that NVSC the MSK type, 
and then writing to the MSK NVSC 1601 as required by the 
flags and the information in the EMM. This procedure is the 
same for both analog and digital Update MSK EMMs. The 
differences are in the EMM command code in EMM Header 
1123 and NVSC type 1503. 
Entitlement Identifiers 

As will be explained in more detail below, an ECM 
specifies the service instance that it accompanies by means 
of (1) the EAID for the entitlement agent that is the source 
of the ECM and (2) a 32-bit entitlement ID for the instance. 
Entitlement IDs are per-EA. By making the entitlement IDs 40 
32 bits long, each EA will have enough entitlement IDs even 
for transient services such as pay-per-view events and inter- 
active services. In the preferred embodiment, when 
DHCTSE 627 interprets an ECM, it checks whether DHCT 
333 is entitled to decrypt the instance by looking in EA 45 
information 1333 for the EA specified in the ECM for an 
entitlement ID that corresponds to the entitlement ID speci- 
fied in the ECM. The entitlement IDs in the EMM and in EA 
information 1333 can be represented in a t jcast twq jyays^ 
One way is by simpl y listin g£ ntitlem ent IDs. The drawback 50 
with this technique is thatthT 32-birentitlement IDs are 
large, and NVSCs are a scarce resource. The other way is by 
means of a starting entitlement ID value and a bit map. Any 
entitlement ID having a value within 255 of the entitlement 
ID value specified by the starting entitlement ID value can 55 
be specified by setting a bit in the bit map. This technique is 
set forth in the Banker and Akins patent application supra. 
See particularly FIG. 2 of the Banker and Akins patent 
application and the discussion of that figure. The following 
discussion of specifying entitlement IDs by means of a 60 
starting ID and a bit map is an expansion of the discussion 
in that patent application. 
Update Bit Map EMM 

This EMM updates a bit map that specifies one or more 
entitlement IDs. The bit map is stored in an entitlement bit 65 
map NVSC 1613. NVSC 1613 has a header 1502 with the 
cell number and type of the NVSC; a first entitlement ID 
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1615, which is the first entitlement ID which may be 
specified by the bit map; an expiration date 1617, which 
specifies when the entitlement IDs specified by first entitle- 
ment ID 1615 and the bit map expire; a no expiration date 
flag 1619, which indicates whether there is in fact an 
expiration date; and bit map 1621. The update bitmap EMM 
contains the cell name for the NVSC 1613 to be set, a set of 
flags which indicate the information in NVSC 1613 that is 
to be set by the EMM, and the values for the information. 
The EMM may_sel^ny_or_alLofjfirsLentitlement ID-1615— 
expiration date 1617, no expiration date 1619, and bit map 
1621. EA administrative EMM code 1317 responds to the 
EMM by setting the fields of the specified NVSC 1613 as 
indicated in the EMM. This procedure is the same for both 
Update Digital Bit Map and Update Analog Bit Map EMMs. 
-The. differences -are-in-the-EMM-command-code-in'EMM - 
Header 1123 and NVSC type 1503. 
Update List EMM 

The Update List EMM updates a list of entitlement IDs 
that is contained in an entitlement list NVSC 1623. NVSC 
1623 has a header 1502 with the cell name and type for the 
NVSC and contains up to six entitlement ID elements 1625. 
Each of the elements contains an entitlement ID 1627, an 
expiration date 1629 for the entitlement ID, and a flag 1631 
indicating whether the entitlement ID has an expiration date. 
The update list EMM contains the cell name for the NVSC, 
a value for the flag, an expiration date, and values for up to 
six entitlement ID elements 1625. This procedure is the 
same for both Update Digital List and Ugglatf Analog Lis t 
EMMs. The differences are in the EMM command code in 
EMM Header 1123 and NVSC type 1503. 
Broadcast Events 

A broadcast event is a one-time service, such as a pay- 
per-view broadcast of a boxing match. In the preferred 
embodiment, there are two kinds of broadcast events: ordi- 
nary pay-per-view broadcast events, in which the customer 
has ordered in advance to see the event, and impulse events J 
where the customer decides at the time the event is broadcast 
that he wants to order it. There are different kinds of impulse 
events, such as: impulse pay-per-view (IPPV) events, which 
are pay-per-view events where the customer can decide at 
the time of the event to purchase it, and near video-on- 
demand (NVOD), where popular movies are rebroadcast at 
short intervals and the customer can decide when the 
rebroadcast occurs whether he or she wants to view it. Those 
skilled in the art will realize that the concept of an "event" 
can refer to any service over a specific time period (whether 
broadcast or non-broadcast), such as video on demand 
events or other types of events not listed here. 

In the case orpay-per- view events, the customer orders 
the event from the entitlement agent, and the agent responds 
by sending an EMM that contains the necessary entitlement 
information. In the case of events where the customer 
decides at broadcast time that he or she wants to purchase 
the event, purchase information, i.e., information about the 
entitlements that can be purchased, must be distributed with 
the event. In these cases, the purchase information is dis- 
tributed by means of global broadcast authenticated 
messages, or GBAMs. The customer provides input 628 that 
specifies a purchase. The DHCT 333 responds to the input 
628 by storing the record of purchase in the DHCTSE 627 
and then beginning to decrypt the event. Later, the DHCT 
333 sends the entitlement agent a forwarded purchase mes- 
sage (FPM) indicating what has been purchased by the 
customer, and the entitlement authority responds with an 
EMM that confirms the purchase and contains the necessary 
entitlement information. The record of the purchase remains 
until an EMM confirming the purchase is received by the 
DHCTSE 627. 
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Event NVSCs: FIG. 17 

FIG. 17 shows event NVSC 1701 used to store entitle- 
ment information for events. Header field 1502 is similar to 
that for other NVSCs 1701. Each event NVSC 1702 may 
contain up to three event descriptors 1703, each of which 5 
describes a single event. Each event descriptor 1703 con- 
tains a Flags Field 1705 that includes flags to indicate (1) 
whether the event is active, (2) whether its end time has been 
extended, (3) whether the entitlement agent has confirmed 
purchase of the even t, (4)_whether_the, customer-canxancel-^- 
at any time, (5) whether the customer can cancel in a 
cancellation window, (6) whether the customer has canceled 
the purchase, (7) whether the right to copy the event has 
been purchased, and (8) whether the event is an analog or 
digital service. Purchase time 1709 is the later of the st art 15 
time-for the'evenrorthe _ time"the customer 'purchased the 
event. End time 1709 is the time the event is to end. Cost 
1711 is the cost of the event to the customer, and entitlement 
ID 1713 is the entitlement ID for the event. 
New Event Storage EMM 2 o 

When the CAA sets up entitlement agent descriptor 1409 
for an entitlement agent, it includes a value in EA Maxi- 
mums 1515 that limits the number of event NVSCs 1701 the 
entitlement agent may have. Within that number, however, 
the entitlement agent is free to allocate event NVSCs 1701 2 5 
from the total number of NVSCs 1405 belonging to the 
entitlement agent and to reuse existing event NVSCs 1701. 
To allocate an event NVSC, the EA uses the new event 
storage EMM, which simply contains the cell name for the 
NVSC which is to be allocated. Once the event NVSC 1701 
has been allocated, its fields are set as follows: 

In the case of an ordinary PPV event, fields are set by an 
add/delete event EMM; 

In the case of an IPPV or NVOD event, fields are set in 
part from the GBAM for the event and in part from 
customer input 628. 

The contents of an event NVSC 1701 are deleted by an 
add/delete event EMM or by receiving an ECM containing 
a time greater than the event end time in the event NVSC 
1701, if the event record had been previously acknowledged 40 
by receiving the Acknowledge Event EMM. 
The Add/delete Event EMM 

The add/delete event EMM contains a flag which indi- 
cates whether the EMM is setting or deleting an event. In the 
latter case, the contents of the EMM must match the current 45 
contents of the NVSC 1701 that is to be deleted. In the 
former case, the values of the EMM include flags indicating 
whether time extensions are allowed and whether the right 
to copy has been purchased. Further included are values for 
the event's start time and end time and the entitlement ID for 50 
the event. When the add/delete flag indicates "delete", EA 
administrative code deletes the contents of the NVSC 1701. 
When it indicates "add", the code sets the corresponding 
fields of the NVSC 1701 to the values specified in the EMM. 
The flag that indicates whether the EAhas acknowledged the 55 
purchase is set to so indicate. 

The Global Broadcast Authenticated Message: FIGS. 18-20 
The Global Broadcast Authenticated Message (GBAM) 
is, like the EMMs, ECMs, and FPMs, a CA message. A 
GBAM is broadcast by an entitlement agent to DHCTs 333. 60 
FIG. 18 shows a CA message 805 including a GBAM 1801. 
Message 805 includes a CA message header 1003 and a CA 
GBAM message 1803, which in turn is made up of a GBAM 
header 1807 and global broadcast data 1809. Global broad- 
cast data 1809 is not encrypted, but GBAM 1801 is authen- 65 
ticated in the same fashion as an ECM: header 1807, global 
broadcast data 1809, and MSK 1015 belonging to the EA 
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which sent the GBAM are hashed by one-way hash function 
MD5 to produce GBAM MAC 1805. As with the ECM, the 
MSK 1015 is a shared secret between the EA which sent the 
GBAM and DHCTs 333 that have EA information 1333 for 
the EA. 

FIG. 19 shows GBAM header 1807 in detail as well as the 
form that global broadcast data 1809 takes when GBAM 
1801 is used to provide entitlement information for IPPV or 
NVOD. GBAM header 1807 has a conditional access sys- 
tem I D 1901 thaudentifies CA system^OLin-which-GBAM- 
1801 is being used, a tag which indicates that the message 
is a GBAM, and the identifier 1905 of the entitlement agent 
sending the GBAM. Fields 1907 and 1909 specify the key 
that was used to make MAC 1805. Field 1907 specifies the 
parity of the MSK half used to make the digest, and MSK 
-select-1911-is-an-identifier-for the MSK-itself: 

Purchasable entitlement data 1913 refers to the form of 
global broadcast data 1809 that is used to provide entitle- 
ment information for IPPV or NVOD. Of the fields that are 
relevant for the present discussion, Entitlement ID 1915 is 
the entitlement ID for the event associated with the GBAM, 
and Flags 1917 include flags indicating what kind of can- 
cellation is allowed and whether the time for the event may 
be extended. Number of modes 1919 indicates how many 
different modes there are for purchasing the event. The 
rights which the purchaser receives to the event and the price 
the purchaser must pay will vary with the mode. In the 
preferred embodiment, an event may have up to five pur- 
chase modes. If more purchase modes are required, addi- 
tional GBAMs may be sent. The rights and prices for each 
mode are indicated by arrays. Each array has as many valid 
elements as there are modes. The value of an element 
corresponding to a mode indicates the right or price for that 
mode. Thus, mode right to copy field 1921 is a bit array; if 
a bit for a mode is set, the purchaser of the mode has the right 
to copy the event. Similarly, mode length field 1927 contains 
a value for each mode which indicates the length of time for 
the event in that mode. Mode cost field 1929 contains a value 
for each mode which indicates the cost for the event in that 
mode. Earliest start field 1923 gives the earliest time at 
which entitlement for the event can start, and latest end field 
1925 gives the latest time at which entitlement must end. 

When DHCT333 receives GBAM 1801, it passes GBAM 
1801 to DHCTSE 627 for authentication of global broadcast 
data 1809. Authentication will fail unless DHCTSE 627 has 
the required MSK. If (1) DHCTSE 627 has the required 
MSK and (2) global broadcast data 1809 is data 1913, 
DHCT333 permits the customer to purchase the event. In so 
doing the customer identifies himself or herself to DHCT 
333 by means of a PIN, and that PIN must match PIN 1525 
in EAD 1409 for the entitlement agent that sent the GBAM. 
In making his or her purchase, the customer also specifies 
the relevant modes. Given the mode information and the cost 
information in the GBAM, DHCT 333 can determine 
whether ordering the impulse event will cause the customer 
to exceed the amount (of time, money, etc.) specified in 
stored credit limit 1519 in EAD 1409. If the customer has 
not exceeded the limit, the information from the GBAM and 
from the purchaser's inputs are used to make an event 
descriptor 1703 for the event. DHCT 333 passes the infor- 
mation to DHCTSE 627, which sets the fields in event 
descriptor 1703 according to the values provided it by 
DHCT 333 The flag that indicates whether the purchase 
information has been acknowledged is cleared, and the cost 
of the event is added to the current credit balance. 
The Forwarded Purchase Message: FIG. 21 

The forwarded purchase message (FPM) in a preferred 
embodiment serves two purposes: 
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it informs the entitlement agent that the customer has 

purchased an IPPV or NVOD event; and 
it informs the entitlement agent that the customer has 

canceled the purchase of any event. 
In other embodiments, messages like the FPM can be used 
to transfer any kind of information from DHCT 333 to a 
CAA or an EA. For example, such a message can be used to 
transfer monthly order information from DHCT 333 to an 
EA. 

DHCT 333 sends a forwarded purchase message with the 
purchase'mfonnation^ia thTTeverse^channel to the entitle- 
ment agent that sent the GBAM. The FPM is contained in a 
reverse channel data packet that is addressed to the EA. FIG. 
21 provides an overview of the FPM and of the crypto- 
graphic measures used to protect its contents. FPM 2101 is 

a CA m essage_805-and- consequently"is-sent-with~a~CA~ 

message header 1003. FPM 2101 itself is made up of FPM 
encrypted envelope key 2103, which contains the EAID for 
the entitlement agent and FPM key 2119 for decrypting the 
purchasing information contained in FPM encrypted events 
2113. The key and other contents of envelope key 2103 are 
encrypted for privacy using the public key of the entitlement 
agent for which FPM 2101 is intended. CA FPM message 
2105 includes CA FPM header 211, which includes the 
EAID for the intended EA, and FPM encrypted events 2113. 
The latter are encrypted using the 3-DES algorithm with the 
key in envelope key 2103. CA FPM message 2105's parts 
are a header 213, FPM clear events 2133, which contains the 
purchase information, and padding 2135, The last part of 
FPM 2101 is FPM signed authentication 2107, which is 
encrypted with the private key of DHCT 333 from which 
FPM message 2101 is sent. The encrypted material includes 
FPM signing header 2125, FPM MAC 2127, and padding 
2129. FPM MAC 2127 is made using the MD 5 one-way 
hash algorithm from FPM clear events 2133. Only the EA 
for which the FPM is intended can decrypt envelope key 
2103 to obtain key 2119 to decrypt FPM encrypted events 
2123, and the EA can check the authenticity of FPM clear 
events 2133 only if it has the public key for DHCT 333 from 
which FPM 2101 was sent. 

The part of FPM 2101 which is of further interest here is 
FPM clear events 2133. The information in that part of the 
FPM includes the serial number of DHCTSE 627 in DHCT 
333 from which the message came, the EAID of the desti- 
nation EA, and an indication of the number of events for 
which the FPM contains purchase information. The infor- 
mation for each event is contained in forwarded event data 
for that event. The forwarded event data is taken from 
GBAM 1801 and event descriptor 1703 for the event. Fields 
of interest in the present context include flags indicating (1) 
whether the event has been extended, (2) whether the user 
has canceled the event, and (3) whether the customer has 
purchased the right to copy. Other information includes the 
time the event started or was purchased, whichever is later, 
the time the event is to end, its cost to the customer, and the 
entitlement ID for the event. To cancel any event, including 
an ordinary pay-per-view event, DHCT 333 sends an FPM 
with the same message, but with the event canceled flag set 
to indicate cancellation. The conditions under which DHCT 
333 sends an FPM cancellation message will be explained in 
more detail below. FPMs may also be used to purchase other 
service types, such as monthly subscriptions, or data 
downloads, for example. 
The Acknowledge IPPV/NVOD Event EMM 

When the entitlement agent receives the FPM, it enters the 
information contained in the FPM in its customer informa- 
tion database and returns an acknowledge IPPV/NVOD 



event EMM to DHCT 333. EMM command data 1125 in this 
EMM contains an exact copy of the forwarded event data in 
the FPM that the EMM is acknowledging. When DHCTSE 
627 receives this EMM, it decrypts and authenticates it and 

5 then, for each item of copied forwarded event data, it uses 
the entitlement ID to locate event NVSC 1701 for the event. 
Having located the event NVSC 1701, it compares the 
copied forwarded event data with the corresponding fields of 
event NVSC 1701. If they are the same, DHCTSE 627 sets_ 

1 o_the_flag-in-Flags-Field-1705 that indicates tharthe~purchase~ 
has been confirmed and adjusts the stored credit balance. If 
the EMM has its "canceled" flag set, the "in use" flag in 
event NVSC 1701 is set to indicate that event NVSC 1701 
is not in use and is therefore available for reuse by the 

is entitlement a gent, — 

— Other uses of GBAM 1801 

GBAM 1801 can be used generally to broadcast authen- 
ticated messages via a MPEG -2 transport stream, or other 
transport mechanisms, to DHCTs 333. CA system 601 itself 

20 uses GBAM 1801 in two other ways: to periodically broad- 
cast a time value to DHCTs 333 and to extend the time for 
events. In the former case, GBAM 1801 simply carries the 
time value, which is a secure time, due to the GBAM 5 s 
authentication. The code in DHCT 333 which carries out a 

25 task for the entitlement agent that sent the system time 
GBAM can use the time value to coordinate its activities 
with activities by the EA. Note that this arrangement permits 
the use of per-entitlement agent time schemes. It also 
permits establishing a uniform system time throughout a 

30 digital broadband delivery system by setting up one entitle- 
ment agent in each DHCT 333 of the digital broadband 
delivery system as the "system time entitlement agent" and 
addressing the system time GBAM to the system time 
entitlement agent. 

35 GBAMs 1801 that extend the time for an event carry the 
entitlement ID for the event and the number of minutes the 
time for the event is to be extended. When GBAM 1801 is 
received and provided to DHCTSE 627, the secure element 
adds the number of minutes to end time 1709. 

40 FIG. 20 shows a server application 2001 executing on a 
processor having access to entitlement agent 2005 and to the 
MPEG-2 transport stream being received by a group of 
DHCTs 333. The server application 2001 can use GBAM 
1801 to send authenticated messages to the DHCTs 333. 

45 Server application 2001 sends a message to entitlement 
agent 2005, which uses its transaction encryption device 603 
to make a GBAM 1801 including the payload. Entitlement 
agent 2005 then returns the GBAM to server application 
2001 which sends application data together with the GBAM, 

50 as shown at 2007, to client application 2009 in the DHCTs 
333. Each client application sends GBAM 1801 to DHCTSE 
627, which authenticates it. If the authentication succeeds, 
DHCTSE 627 sends an acknowledgment to client applica- 
tion 2009. It should be noted here that it is the entitlement 

55 agent and not server application 2001 which authenticates 
the payload. 

NVSCs and EMMs for Interactive Sessions 

DBDS 501 can also be used for interactive sessions. 
Examples of such uses are browsing the Internet or playing 

60 video games. In such applications, data being sent to the 
customer will generally go via the MPEG-2 transport 
stream, while data being sent from the customer will go via 
the reverse channel. Such an arrangement is advantageous 
for the many interactive applications in which the customer 

65 receives a large amount of data, for example, the data that 
represents an image, makes a short response, and then 
receives another large amount of data. 
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Each interactive session that is currently taking place with 
a user of DHCT 333 has an interactive session NVSC 1211 
in list 1411 belonging to the entitlement agent that grants 
access to the interactive session. The interactive session 
NVSC contains a session key for the interactive session and 5 
an entitlement ID for the interactive session. DHCTSE 627 
allocates the interactive session NVSC in response to a new 
interactive session storage EMM from the entitlement agent. 
The new interactive session storage EMM simply contains 
the cell name of the NVSC to be used for the_interactive_30 



session. 

Once the EA has established the NVSC, it sends an "add 
interactive session" EMM that is directed to the name of the 
newly -allocated NVSC and contains the entitlement ID and 
the key for the interactive session. The secure element places 
-me-entitlem€m-ID-and-key4n-the-NVSerWhen _ th"e^A~ 
determines that the interactive session is over, it sends a 
"remove interactive session" EMM with the entitlement ID 
for the interactive session and the secure clement deletes the 
contents of the NVSC. It is of course possible that the 
entitlement agent sends a new interactive storage EMM at a 
time when all of the interactive session NVSCs allotted by 
the CAA to the EA are already in use. DHCTSE 627 in a 
preferred embodiment deals with this situation by keeping 
track of the last time each interactive session sent or received 
data. When a new interactive session is needed and none is 
available, DHCTSE 627 shuts down the interactive session 
that least recently sent or received data and uses that 
interactive session's interactive session NVSC for the new 
interactive session. Another solution is to request the user to 
select an interactive session to be terminated. 
Details of the ECM: FIG, 22 

The information in an ECM that is used to determine 
whether the instance of a service that the ECM accompanies 
is to be decrypted in a given DHCT 333 is contained in ECM 
entitlement unit message 1011. FIG. 22 gives details of the 
contents of ECM entitlement unit message 1011 for a 
preferred embodiment of the present invention. Beginning 
with message ID 2205, the two fields 2201 and 2203 identify 
this message as an ECM entitlement unit message. EAID 
2207 is the identifier for the entitlement agent which grants 
entitlements to access to the instance of the service that the 
ECM accompanies. 

Decryption information 2209 is information used to pro- 
duce the control word 2235. Control word counter value 
2235 is encrypted using the 3DES algorithm in a preferred 
embodiment. This algorithm employs two keys, and in a 
preferred embodiment, each key is Vz of the MSK. Also, 
there are two versions of the MSK: even and odd. MSK 
parity 2211 specifies which version is to be used in the 3DES 
algorithm. MSK ID 2213 specifies which MSK belonging to 
the entitlement agent is to be used, or if the ECM accom- 
panies data for an interactive session, it specifies that the key 
is to be found in the NVSC for the interactive session. 
Control word parity 2215 specifies the parity of the unen- 
crypted control word 2235. Parity count 2217 is a 0-1 
counter that has the value 0 when the parity of the control 
word is even and 1 when it is odd. 

Free preview 2219 is a flag that indicates that the ECM is 
accompanying a portion of the service instance that is a free 
preview. That is, as long as a customer has the MSK for 
decrypting the service instance, the customer needs no 
further entitlements to view the free preview portion of the 
service. The main use of free previews is with IPPV or 
NVOD services. Copy protection level 2221 is a value 
which indicates to what extent the instance may be copied. 
Blackout/spotlight 2223 is a value which indicates how 
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blackout/spotlight information 2236 is to be used: not at all, 
for a blackout, or for a spotlight (i.e., the service is targeted 
to the specific area). 

Number of entitlement IDs 2225 specifies the number of 
entitlement IDs 2245 that are contained in this ECM. The 
maximum number in a preferred embodiment is six in a 
single ECM. Multiple ECMs may be sent for each service. 
Allow IPPV 2229 is a flag which indicates whether the 
service instance may be viewed on an IPPV or NVOD basis. 
-Cancel-window-2231-is-a bit that is'set uTa service~instance 
that may be viewed as an event to indicate the end of the 
period during which the customer may cancel the event. 
Time stamp 2233 is a time stamp indicating the time at 
which the ECM was created. Encrypted control word 2235 
is the control word con tained-in-the-ECM.-U-is-enGrypted 
~using the 3DES algorithm and the MSK for the service 
instance. 

Blackout/spotlight information 2236 defines a geographic 
area which is to be blacked out or spotlighted by an instance 
of a service. It does so by means of x centroid 2239 and y 
centroid 2241, the two of which define a point in a geo- 
graphical coordinate system defined by the entitlement 
agent, and blackout radius 2237, which is used to determine 
a square that is centered on the point defined by fields 2239 
and 2241 and that has sides that are twice the value of 
blackout radius 2237. Entitlement ID list 2243 contains from 
one to six entitlement IDs for the instance of the service that 
the ECM accompanies. 

Details of Blackout/spotlight Info 2236: FIGS. 26 and 27 

The coordinate system used in a preferred embodiment is 
shown in FIG. 26. Coordinate system 2601 is a 256 unit by 
256 unit square, with the origin at the lower left-hand corner. 
In the coordinate system, it is the lines, rather than the spaces 
between them, that are numbered. The entitlement agent to 
which coordinate system 2601 belongs assigns each DHCT 
333 in the area covered by the coordinate system the 
coordinates of an intersection of a line that is perpendicular 
to the x axis with a line that is perpendicular to the y axis. 
Thus, a DHCT 333(£) may be assigned the point (i,j) 2603 
in coordinate system 2601. 

FIG. 27 shows how areas are defined in coordinate system 
2601. Area 2705 has its centroid 2701 at the point whose 
coordinates are (57,90). The radius 2703 of the area is three, 
so this number is added to and subtracted from each of the 
coordinates of the centroid to produce a square 2705 whose 
lower left-hand corner is at (54,87) and whose upper right- 
hand corner is at (60,93). In the preferred embodiment, 
points on the left and bottom lines are in the area; points on 
the top and right lines are not. 

Determining whether to Decrypt the Service Instance that 
Accompanies an ECM 

Conceptually, what happens when DHCT 333 receives an 
ECM accompanying an instance of a service is that DHCT 
333 provides the ECM to DHCTSE 627, which examines the 
NVSCs in EA storage 1331 to find whether the customer to 
whom DHCT 333 belongs is entitled to receive the instance 
of the service. If the customer is so entitled, DHCTSE 627 
decrypts the control word in the ECM and provides it to 
service decryptor 625, which uses it to decrypt the MPEG-2 
packets containing the audio and video for the service. 
However, the number of different kinds of services, the 
number of different ways in which a service can be 
purchased, and the number of ways in which access can be 
restricted all work together to make the manner in which 
DHCTSE 627 processes an ECM rather complex. The 
simplest case is for a broadcast service such as a standard 
CATV channel. Here, the customer who owns DHCT 333 
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has paid his or her monthly bill for the service and the 
entitlement authority has sent two EMMs to DHCT 333: a 
MSK EMM with the month's MSK for the service and an 
EMM that specifics the entitlement ID for the service. As 
previously pointed out, the latter EMM may either contain 5 
a list of entitlement IDs or a first entitlement ID and a bit 
map. All of these EMMs may also contain expiration dates: 
in the case of the MSK EMM, there is an expiration date of 
the MSK; in the case of the entitlement ID list EMM, there 
is an expiration date_for_each enjitlejnent_ID_otLthe_list;-in--iO 
~th~e~case ~of~the~entitlement bit map EMM, there is an 
expiration date for the entire bit map. 

At a minimum, EA information 1333 for the entitlement 
agent that provides entitlements for the service instance that 
the ECM is accompanying contains EA descriptor 1409, a is 
_MSK NVSG4601 r and^itherauxnt^ 
1613 or an entitlement list NVSC 1623 for the service to 
which the instance belongs. EA information 1333 may also 
contain NVSCs with entitlement information for many other 
services or instances thereof The ECM for the service 20 
instance will contain, at a minimum, entitlement agent ID 
2207, decryption information 2209, time stamp 2233, 
encrypted control word 2235, and a single entitlement ID 
2245 for the instance of the service. 

When DHCT 333 receives the ECM, it delivers the ECM 25 
to DHCTSE 627, which reads down EA list 1406 until it 
finds an EA descriptor 1409 having a value in EAID 1509 
that is the same as the value EAID 2207 in the ECM. 
DHCTSE 627 then follows first NVSC pointer 1513 to list 
1411 and looks for a MSK NVSC 1601 that has an MSK ID 30 
field 1603 containing the same value as MSK ID field 2213 
in the ECM. Having found such an MSK NVSC, it deter- 
mines from no_exp_dat flag 1607 whether expiration date 
field 1605 contains a valid time value, and if so, it compares 
that value with the value in the ECM's time stamp field 35 
2233. If the value in time stamp field 2233 is more recent in 
time, DHCTSE 627 will not use MSK 1608 from MSK 
NVSC 1601 to decrypt control word 2235. The secure 
element continues searching for an MSK NVSC with the 
proper MSK ID and an unexpired MSK, and if it finds such 40 
a MSK NVSC, it uses that MSK NVSC; if it finds no such 
MSK NVSC, it does not decrypt the control word. 

DHCTSE 627 similarly searches list 1411 for an entitle- 
ment bitmap NVSC 1613 or an entitlement list NVSC 1623 
which contains an entitlement ID which is the same as one 45 
of the entitlement IDs 2245 in the ECM. If (1) DHCTSE 627 
finds an NVSC with such an entitlement ID and (2) there is 
no valid expiration time in the NVSC that specifies the 
entitlement ID that is earlier than time stamp 2233 in the 
ECM and (3) DHCTSE 627 has also found a valid MSK 50 
NVSC 1601 as described above, DHCTSE 627 decrypts 
control word 2235 using the MSK and decryption informa- 
tion 2209 in the ECM. Decryption is done using the 3DES 
algorithm that was used to encrypt the control word. In a 
preferred embodiment, the control word contained in the 55 
ECM is a counter value as described above, and DHCTSE 
627 produces the control word that actually is used to 
decrypt the service instance by re -encrypting the integer 
using the MSK and the 3DES algorithm. That control word 
usable by the service decryptor is then returned to service 60 
decryption module 625, which uses it to decrypt the service 
instance. 

As is apparent from the foregoing description, when 
DHCTSE 627 searches an entitlement agent's entitlement 
agent information 1333 for a given entitlement for a service, 65 
it continues searching until it has either found an NVSC that 
contains the entitlement or it has reached the end of list 1411. 



What this means in logical terms is that the entitlements that 
a given entitlement agent can grant are the logical OR of the 
entitlements specified in entitlement agent information 
1333. For example, if one entitlement bit map NVSC that 
contains the same entitlement ID as the ECM has expired but 
another has not, DHCTSE 627 disregards the expired 
NVSC, and based on the active NVSC, produces control 
word 2235. 

It should further be pointed out here that time stam p 2233 
-m-tne-EGM-and-the-expiration^^ 
prevent reuse of a previous month's MSK to decrypt an 
instance in the current month and also prevent reuse of a 
previous month's entitlements in the current month to imple- 
ment the protection against replay attacks described in the 
Banker and Akins p atent.application-supra- 



Where further restrictions apply to an entitlement, 
DHCTSE 627 searches for that information as well in 
entitlement agent information 1333. For example, if 
blackout/spotlight field 2223 of the ECM indicates that a 
blackout applies to the service, DHCTSE 627 uses blackout/ 
spotlight information 2236 to determine whether the loca- 
tion specified by x coordinate 1521 and y coordinate 1523 is 
within the square specified by blackout/spotlight informa- 
tion 2236; if so, DHCTSE 627 does not decrypt control word 
2235. When a spotlight applies, the procedure is of course 
the opposite: DHCTSE 627 decrypts the control word only 
if x coordinate field 1521 and y coordinate field 1523 specify 
a location within the square. 

As previously noted, the techniques that are used to grant 
entitlements according to geographical area may be gener- 
alized to grant entitlements to various subsets of customers. 
For example, entitlements may be conceptually represented 
in a Venn diagram, blackout/spotlight information 2236 may 
specify an area in the Venn diagram that represents the set 
of customers that are entitled to receive the service, and x 
coordinate 1521 and y coordinate 1523 may specify the 
location of the customer in the Venn diagram. One use of 
such an arrangement would be to restrict access to an 
instance of a service according to a customer's desire that 
users of his or her DHCT not have access to instances with 
objectionable content. In other embodiments, of course, 
more coordinates or other ways of representing set mem- 
bership could be used. 
Event Services 

When the ECM accompanies an instance of an event, 
interpretation of the ECM takes place as described above, 
except that the entitlement information for the event is 
contained in an event NVSC 1701. DHCTSE 627 searches 
the entitlement information 1333 for the entitlement agent 
having the EAID that is in the ECM for an event NVSC 1701 
containing an event descriptor 1703 with an entitlement ID 
1713 that is the same as one of the entitlement IDs 2245 in 
the ECM. If the event is a standard pay-per-view event, 
DHCTSE 627 then examines the flags 1705 to determine 
whether the customer has canceled the event and whether 
purchase of the event has been confirmed (always the case 
with standard pay-per-view). The DHCTSE 627 then com- 
pares purchase time 1707 and end time 1709 with time 
stamp 2233 to determine whether the time indicated by the 
time stamp is within the period indicated by fields 1707 and 
1709. If the examination of event NVSC 1701 indicates that 
the customer is entitled to the event, DHCTSE 627 decrypts 
control word 2235 as described above. 

With IPPV or NVOD events, allow IPPV flag 2229 in the 
ECM must indicate that the event is one that need not be 
purchased in advance. Free preview flag 2219 may also be 
set to indicate that the portion of the event instance accom- 
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parried by the ECM is part of the free preview, and cancel 
window flag 2231 may further be set to indicate that the 
event can still be canceled. If free preview flag 2219 is set, 
DHCTSE 627 simply looks for a MSK NVSC 1601 in EA 
information 1333 that contains the MSK specified by MSK 
ID 2213 in the ECM. If the DHCTSE 627 finds one that is 
valid, it decrypts control word 2235. 

If free preview flag 2219 is not set, DHCTSE 627 goes to 
the event NVSC 1701 having the entitlement ID 1713 that 
is the same as one in ECM field 2245. If flags included in 

„flags-1705-indicate4hat-the-pufchase-of the'event"has been" 
confirmed and the event has not been canceled, DHCTSE 
627 decrypts control word 2235. If the event has not been 
canceled and has not been confirmed, but time stamp 2233 
indicates a time that is within a predetermined period after 
purchase time 1707 indicated in even t descri ptor 1703 t _ 

-DHCTSE 627 also o^cf^ts^trol^w6Td"2235. It is by this 
means that the service instance continues to be decrypted 
between the time the FPM is sent to the entitlement agent 
and the time the entitlement agent returns the acknowledge 
IPPV/NVOD event EMM. This causes the confirmation flag 
to be set in flags 1705. 

Cancellation of Entitlements to Events: FIGS. 17, 19, and 

22 

Whether a user can cancel a previously purchased entitle- 
ment to an IPPV/NVOD event that he or she has purchased 
preferably depends on the event. There are three possibili- 
ties: 

the entitlement can be canceled up to two minutes past 
purchase; 

the event can be canceled during a period of time termed 

a cancellation window, or 
the event cannot be canceled. 

Which of the three possibilities is associated with a given 
event is determined by the purchasable entitlement data 
1913 in the GBAM that accompanies the event. One flag in 
flags 1917 indicates whether the event can be canceled; 
another indicates whether cancellation is possible in a can- 
cellation window. If neither flag is set, the event cannot be 
canceled. When DHCTSE 627 makes an event descriptor 
1703 for the event, the values of the flags in the GBAM are 
used to set flags in flags 1705 which indicate whether the 
event may be canceled or during a cancellation window 
only. Again, if neither flag is set, the event cannot be 
canceled. 

The user cancels an event by requesting cancellation via 
customer input 628 to DHCT 333. When DHCT 333 
receives the input, it provides a cancellation request, includ- 
ing the EAID and entitlement ID for the instance, to 
DHCTSE 627, which uses the EAID and the entitlement ID 
to locate the event NVSC 1701 that contains event descrip- 
tor 1703 for the event. If the flags in flags 1705 indicate that 
the entitlement cannot be canceled, DHCTSE 627 indicates 
that fact to DHCT 333, which then indicates that the 
entitlement is not cancelable to the user. If the flags indicate 
that the entitlement can be canceled, DHCTSE 627 simply 
sets the canceled flag in event descriptor 1703. If the flags 
indicate that the entitlement can be canceled only during a 
cancellation window, and an ECM indicating the cancel 
window has ended has not yet been received, DHCTSE 627 
sets the cancel flag in event descriptor 1703; otherwise, it 
indicates to DHCT 333 that the entitlement cannot be 
canceled, and DHCT 333 so informs the user. If the event 
has been canceled, DHCTSE 627 clears the acknowledged 
flag, which action causes a new FPM to be sent to the 
entitlement agent for the event. The entitlement agent 
responds to the FPM by adjusting its billing as required by 
the cancellation and sending a new acknowledge EMM. 
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Interactive Sessions 

The chief difference between broadcast services and inter- 
active services is that each session of the interactive service 
has its own interactive session key, which is contained in the 
interactive session NVSC for the interactive session. The 
NVSC for the interactive session also contains the entitle- 
ment ID for the interactive session. In an ECM that accom- 
panies the MPEG-2 stream for an interactive session, MSK 
ID field 2213 is set to a vaiue which indicates that t he 
-MPEG-2-stream-is -to~be-decrypted" using an interactive - 
session key. When DHCTSE 627 interprets such an ECM, it 
uses entitlement ID 2245 to find the NVSC for the interac- 
tive session and then uses the interactive session key con- 
tained in the NVSC to decrypt control word 2235. 
DejajledDescri ption of Tr ansaction^ncrvption-Device 603:- 
FIGS. 24 and 25 

Each CAA that can authorize entitlement agents in digital 
broadband delivery system 501 and each EA that can grant 
entitlements in system 501 has a Transaction Encryption 
Device or TED 603 in system 501. Preferably, each CAA or 
EA has its own separate TED in system 601. Alternatively, 
the TEDs could be combined in one device. The TED 603 
stores the secret keys used by the entity to which it belonges 
and has hardware and software to do encryption, decryption, 
key generation, and authentication as required by the entity. 
The keys are kept secure by implementing the TED without 
a user interface or user I/O devices, by implementing it in a 
tamper resistant container, by connecting the TED only to 
the DNCS and using a secure link for that connection, and 
by keeping the TED in a physically secure environment such 
as a locked room. 

In the case of a TED 603 for a CAA, the TED 603 stores 
the private keys corresponding to the three public keys 
representing the CAA in the DHCTs 333, encrypts and 
provides sealed digests for of EM Ms from the CAA to the 
DHCTs 333, and decrypts and authenticates messages from 
the DHCTs 333 to the CAA. In the case of a TED 603 for 
an EA, the EA TED does the following: 

(1) stores the public and private keys for the EA and the 
MSKs for the EA; 

(2) generates the EA public and private keys and the 
MSKs; 

(3) encrypts and prepares sealed digests for the EMMs 
sent on behalf of the EA; 

(4) prepares the shared secret digests used to authenticate 
global broadcast messages; 

(5) provides the MSKs to SEES module 620 for use in 
encrypting instances of services; 

(6) generates interactive session keys (ISKs) for interac- 
tive session EMMs and provides them to SEES module 
620 for use in encrypting the interactive session; and 

(7) decrypts FPMs and other messages sent from DHCT 
333 to the entitlement agent. 

TED 603 in Conditional Access System 601: FIG. 24 

FIG. 24 shows the relationship between a number of 
TEDs 603 and the rest of conditional access system 601. 
Portion 2401 of conditional access system 601 includes a 
CAA TED 2427 for a CAA that authorizes entitlement 
agents in system 601. Portion 2401 also includes one EA 
TED 2425 for each of the n+1 entitlement agents which the 
CAA has currently authorized for DHCTs 333 in digital 
broadband delivery system 501. Alternatively, all EATED 
2425 functions could be combined into a single TED, which 
could include the CAA TED 2427 function. Each TED is 
kept in a physically secure area 2428 and is connected to 
DNCS 507 by a secure high-speed link 2423 that connects 
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only DNCS 507 and the TEDs 603. In the preferred broadcast messages to DNCS 507 and receives unencrypted 

embodiment, the secure link is a secure Ethernet link. DNCS contents 2412 of FPMs for the EA from DNCS 507. With EA 

507 uses TED 605 to encrypt EMMs, to decrypt FPMs, to EMMs and global broadcast messages, DNCS 507 uses EA 

generate EA public and private keys, to generate MSKs and TED 2425(*) to do the necessary encryption, digest making, 

ISKs, and to prepare global broadcast message digests. 5 and key generation and then sends the encrypted and authen- 

DNCS 607 has a remote procedure call interface to the TEDs ticated EMMs and global broadcast messages, as well as the 

603 for performing these operations, and, consequently, MSKs to SEES 620, as shown at 2426 and 2418. In the case 

programs executing on DNCS 607 can use the facilities of of EMMs, wl^ch are repeatedly sent over an extended period 

n Tvrs u T - t.-vir.,, » ^oii of time to the DnCTs, DNQ> r>07 stores the encrypted 

TS?r^& y by , h mil 7 g P T £ T ■ .™ n _ in _EMMs in-EMM-database-2420-and-provides-thcm-to-SEES 

™? J'l : V S !iv ■ cU0D betWe f n ~*l™ n ™ 10 620 from there. With FPMs, DNCS 507 uses the BATED 

603 and the rest of conditional access system 601. DNCS fof EA2409(/) , 0 which the FPM j, addressed l0 

5U7 is connected Dy a oetworK «us to systems belonging to do ^ 

decryption and authentication and sends decrypted 

the CAA and the vanous EAs. Each of these entities has a . v, tn r? A lAna/ri t^xt^c enr ,„ ft ^ £\ a 

, A , . c 4 . . 4 .„ c FPM contents 2412 to EA 2409m. DNCS 507 treats CAA 

database containing information relative to its function. EMMs the same wav as EA EMMs except that the encrvn- 
CAA2405 has CAA database 2403, which cootainsjrtJe^^ 

n-— jnrr-A 7— 7 r tt^i a~ ; j • r tU u° n an d digest making is done using CAA TED 2427. 

the CAA s three public keys and encrypted versions of the DNCS 507 also contains a database of encrypted entity 

corresponding three private keys, the entitlement agent information 2419 which ^ eQC d ^ of ^ 

identifiers for the entitlement agents that the CAA and MSRs ^ . ^ ^ 6Q9 ^ afe 

authonzes, and a per-DHCT database that contains the r ( ' ^ Kiric , - n - ~~ . . , t . t • r 

, r . VT ™^ , ^ AA . connected to DNCS 507. This encrypted entity information 

names, types, and numbers of the NVSCs that the CAA has 20 . , . . ™~ . f ,^ .. . . . 

1 . . * *t_ • j r .u mi ™ is used to restore a TED 11 a malfunction or the physical 

allocated to each entitlement agent authorized for the DHCT. , t . - ™~ . , f . , . f 

Each EA 2409(0 has its own EA database 2407(0. EA %£T%fJ£ ™ ^done'T'theTCD uti^Ytss 

database 2407(0 preferably contains the EAID for the EA ™ ™; v^^XLttoll'taL been encrypted! ftfa 

a list of the MSK IDs and expiration dates for the MSKs that r , # . nxr „n fA - , 4 , , , , 

, _ A . . - - . - iL . output to DNCS 507 and stored in database 2419; when the 

the EA is currently using, and a database of the services 25 - , , # . • c t . . . ^ . iU . tU 

. i . • j. ^ r TED is restored, the information is input together with the 

and/or instances that the EA is providing. Inis database or . # u- u *u j * *u i 

/ . 5L - pass phrase to the TED, which then decrypts the key 

services contains at least the entitlement ID tor each service. nformation 

EA database 2407(0 also includes a per-DHCT database of DeuTdZplementation of TED 2425(0: FIG. 25 

toe enutlement IDs, entitlement expiation tunes^ and MSK 25 " m of V preferred embodi . 

IDs for the entitlements and MSKs sent in EMMs to the 30 . c ^ A ™~ ^-wx T *u e a u j~ ♦ 

T^nr^r niT «r , , . ! , . ment of an EATED 2425(f). In the preferred embodiment, 

DHCT. The per-DHCT database may also contain customer rATrn^en- • i *j • * a ^ 

, M1 . . r. • , i ■ * . -j.ji EATED 2425(0 is implemented using a standard computer 

bUhng information such as the infonutaon required to deal motherboard and with a standard Ethera6t board and 

with the purchase information in an FPM. , r , 4 . nCA , 

r .„ -^^-i ■ • i_- . • additional means tor accelerating KSA encryption and 

Key certification authority 2413 is an entity which certi- , 

decryption 

fles the public keys of DHCTs 333 to DNCS 507 In a 35 ^ sbo wn in FIG. 25, the main components of TED 

preferred embodiment, key certification^ authonty 2413 is ^ cpu 25 memo 25Q a random 

maintained by the manufacturer of DHCTs 333. DHCT key , v /. „ anarntnr ctk^^^t i™.^ nnA , 

, , . * ' A . , t . £• i<-vyi . . , ' number generator 2537, an Ethernet board 2541, and a 

database 2411 contains a database of DHCT serial numbers . r r»c* 1 . u a -»cm/n \ n 

... .... r r^,,™-™ . . number of RSA accelerator boards 2539(0 . . . n), all 

and their public keys. When a user ot a UHL1 333 wishes . . A , . f ncx 

. *^ . J r „ i- a interconnected by bus 2503. The use of more than one RSA 

to purchase an instance of a service offered by an hA, the 40 , 4 , J , •* no* *• ai 

v , , , , Pi . lLlL ; . , , accelerator board 2549 permits RSA encryption and/or 

user sends a purchase order to the EA with the serial number , . . c A 

(which is also the IP address) of the DHCT 333. The EA deC ^P tl0n ™ 1 : P ^ le ii, , ^^ t ? ,,8CqU ^ , 1 Ce ' 

v . j i . , . 4 Vxvt^o */*-r i ■ t ... embodiment of TED 2425m is capable of encrypting a 

provides the serial number to DNCS 507, which maintains . rrxtx* \i J u i 

j . u *>ah fnnr^r ui- i u -1 u le plurahty of EM Ms very rapidly, e.g., with in a second, while 

a database 2421 of DHCT public keys by serial number. If \c • *u V- ■ i • 

. . , u . t a * u TSv rrc en - . dr also performing other operations involving encryption, 

the serial number is not m the database, DNCS 507 sends a 45 , . . & , T i ... t ° Jr 

- . ui- i * vr>A <*ai? -m. * digest making, or decryption at a similar rate, 

request for the public key to KCA 2413. The request \ A . • C a • c *• ^em u w *u 

\ . iL . f l • i i 7i_ Memory 2505 contains EAinformation 2507, which is the 

contains the senal number, and the key certification author- J , . t1 - .... . 4 . . . . 

, ^ . . ,/ j • . * | . j public and private key for the entitlement agent to which 

■ty responds to the request by sending a dig.tally signed ^ 2425(0 belongs, the MSKs for the EA, and code 2523, 

U 3 X Ut T^K- VT k < n which fe code executed by CPU 2501. The parts of 

DHCTs public key. DNCS 507 has the public key for the 50 ». ne ... , . J A AT!A . f A_ of . 

i X *• .u % j *u wi * i a *u memory 2505 which contain code 2523 and EAinformation 

key certification authority and uses the public key and the -_ n - f ., „ . t , f , . • • rt ^ 

, . t t a *u *u *• ** r *u hupt 2507 are non-volatile, with the part containing code 2523 

dig* al signature to confirm the authenticity of the DHCT and aQ oonutoing EA information 

<n y 7 '". ^ eSSa8 K, t % y d,, 3 C " 2507 being both readable and writable. Tne code which is of 

DNCS 507 places it in public key database 2421. . t .... ... • - , , 

DNCS 507 is further connected via another high-speed 55 d ^™; acl ^ s: 

link 2417 to SEES 620, which is provided with MSKs for W MSK generating code 2525 which generates MSKs 

encrypting instances of services. Additionally, DNCS 507 and ^ SKs from ra f ° m Dumbers P rovided b * random 

provides global broadcast messages (GBAMs) and EMMs number generator 2537 

for broadcast via transport link 517 to the DHCTs 333. ( 2 ) RSA key generator 2517, which generates public and 

Finally, DNCS 507 is connected via the reverse path pro- 60 P rivate RSA keys from random numbers; 

vided by LAN interconnect device 617 to the DHCTs 333 (3) MD5 code 2529, which performs the MD5 one-way 

auu receives FPMs from the DHCTs 333. In other hasn algorithm; 

embodiments, DHCT 333 may also send EMMs to DHCTs (4) 3DES code 2531, which does 3DES encryption and 

333 by this route. decryption; 

Data flows in portion 2401 are shown by labels on the 65 (5) GBAM authorization code 2533, which makes the 
arrows connecting the components. Thus, an EA 2408(i) shared-secret digest used to authenticate global broad- 
sends unencrypted contents 2410 of EA EMMs and global cast messages; 
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(6) RSA encryption/decryption code 2535, which per- 
forms RSA encryption/decryption with the assistance 
of RSA hardware 2539; 

(7) EA information encryption code 2536, which encrypts 
EA information 2507 with a pass phrase for storage in 5 
DNCS 507; 

(8) EMM code 2538, which produces encrypted and 
authenticated EMMs; and 



'9) FPM code 2540, which decrypts and checks FPMs. 



EA-infoFmation-2507-containsnheinformatibn needed'to" 

do the encryption and authentication of GBAMs and EMMs 
sent on behalf of the EA represented by TED 2425(0- EA 
information 2507 also facilitates and contains information 
for decryption and authenticity checking on FPMs directed 
t o that EA. In a prej^ecUrnbodimeDU EAinfbrmation 2507-^-; 

"includes at least: (1) EAID 2509, which is the EAID for EA 
2409(0, EA Ku 2511 and EA Kr 2513, which are the public 
and private keys respectively for EA 2409(0; and (2) a MSK 
entry (MSKE)2515 for each MSK being used by EA 2409(0 
in conditional access system 601 to which TED 2425(0 
belongs. Each MSKE 2515 contains MSK identifier 2517 
for the MSK, the expiration time 2519, if any, for the MSK, 
MSK parity 2520 for the MSK, and MSK 2521 itself. 
Operations Performed by EA TED 2425(0 

When EA TED 2425(0 is initialized, it is provided with 
the EAID for the EA to be represented by TED 2425(0- 11 
stores the EAID at 2509 and uses RSA key generation code 
2517 and a random number from random number generator 
2537 to generate EA public key 2511 and EA private key ^ 
2513, which are stored in EA Information 2507. A Remote 
Procedure Call (RPC) permits DNCS 507 to read EA public 
key 2511. Other RPCs permit DNCS 507 to read TED 
2425(0's serial number, to get and set TED 2425(0' s system 
time, and to call TED 2425(0 t0 determine whether it is 
responding. TED 2425(0 responds to this call with its serial 
number. EA TED 2425(0 ^so reports a number of alarm 
conditions to DNCS 507. These include encryption partial 
and total failure, random number generation failure, memory 
failure, and TED and Ethernet overload. 

Continuing with the encryption and authentication of 
EMMs, DNCS 507 has two RPCs, one for EMMs generally 
and one for MSK EMMs. When DNCS 507 is to make a 
non-MSK EMM for EA 2049(0, it receives the following 
from EA 2409(0: 

(1) the serial number of the DHCT 333 which is the 
destination of the EMM; 

(2) an EAID for EA 2409(0; 

(3) the EMM's type; and 

(4) the information needed for an EMM of that particular 50 
type, for example, an entitlement bit map together with 
the first entitlement ID, the expiration date, and the 
no-expiration date flag. 

DNCS 507 uses the serial number to look up the public 
key for the DHCT 333 in public key database 2421, uses the 55 
EAID to determine which TED 2425 to use, formats the 
information as required for an EMM of this type, and 
provides the formatted information (1123, 1125, and 1127 in 
FIG. 11) via the RPC to TED 2425(0 together with the 
DUCTs public key. EMM code 2538 then uses MD5 code 60 
2529 to make a digest of the formatted information and uses 
RSA E/D code 2535 to encrypt the formatted inform a lion 
with the DHCT's public key and encrypt the digest with 
private key 2513 for the EA. The encrypted formatted 
information and the encrypted digest are provided to DNCS 65 
507, which adds whatever else is necessary and places the 
EMM in EMM database 2420. 
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For an MSK EMM, DNCS 507 receives the EAID, the 
DHCT serial number, the EMM type, the MSK parity, the 
MSKID, and any expiration date from EA 2409(0- DNCS 
507 then retrieves the DHCT serial number, formats the 
information, and makes the RPC call as just described. In 
this case, EMM code 2538 looks in EA Information 2507 to 
find the MSK corresponding to the MSK ID and adds the 
MSK to the formatted information. Then EMM code 2538 
uses MD5 code 2529 to make a digest of the formatted 
information. EM M J code_2538 .then-uses-J^SA-encryption/ - 
decryption code to encrypt the formatted information with 
the DHCT's public key and encrypt the digest with the EA's 
private key and returns the EMM to DNCS 507, as described 
above. 

The interface for giving a global broadc ast messa ge its^ 
authenticationinforma^ of the MSK 

that is to be the shared secret and the contents of the global 
broadcast message. GBAM authorization code 2533 in TED 
2425(0 uses the MSKID to locate MSKE 2525 for the MSK, 
combines MSK 2521 with the contents of the global mes- 
sage (GBAM header 1807 and global broadcast data 1809 in 
FIG. 18), and uses MD5 code 2529 to produce the digest 
(GBAM MAC 1805), which it returns to DNCS 507. 

With messages sent from the DHCT 333 to the EA, such 
as the forwarded purchase message, the IP packet in which 
the message is sent includes the IP address of the DHCT 333 
which is the source of the message, and that in turn includes 
the serial number of DHCT 333. DNCS 507 uses the serial 
number to locate the public key for DHCT 333 in public key 
database 2421 and provides the public key to TED 2425(0 
together with encrypted envelope key 2103, CA FPM mes- 
sage 2105, and FPM signed authentication 2107 from the 
FPM. FPM code 2540 then: 

(1) uses EA public key 2511 and RSA encryption/ 
decryption code 2535 to decrypt FPM encrypted enve- 
lope key 2103; 

(2) uses 3DES code 2531 and the decrypted envelope key 
to decrypt FPM encrypted events 2113; 

(3) uses RSA encryption/decryption code 2535 and the 
public key for DHCT 333 to decrypt FPM authentica- 
tion 2107; and 

(4) uses the decrypted encrypted events with MD5 code 
2529 to produce a new hash which it compares with the 
decrypted value of FPM authentication 2107. If this 
comparison indicates that the FPM is authentic, TED 
2425(0 returns the decrypted events to DNCS 507, 
which in turn forwards them to EA 2409(0- 

The MSKs in MSK 2515 are generated by TED 2425(0- 
The interface for MSK generation simply requires the 
MSKID for the new MSK, the parity for the new MSK, and 
any expiration time. MSK generation code 2525 receives a 
random number from random number generator 2537 and 
uses it to generate the new MSK. Then the MSKE 2515 for 
the new MSK is made and added to EA information 2507. 
If there is already an MSKE 2525 for the MSKID for the 
new MSK, the new MSKE replaces the existing MSK5E. 
TED 2425(0 a ^ so generates interactive session keys for the 
add interactive session EMM. Key generation is as 
described for the MSK EMM. Once TED 2425(0 has 
provided the EMM content with the encrypted key to DNCS 
507, it overwrites the area in memory 2505 where the 
interactive session key was stored. 
CAA TEDs 

CAA TEDs 2427 have the same hardware as EA TEDs, 
but in the preferred embodiment, they only encrypt the CAA 
EMMs used to establish an entitlement agent in a DHCT 
333. 
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EMM encryption is done exactly as described for EA There are many ways of relating the authentication to the 
TEDs. The only keys required for encrypting and authenti- data being authenticated. One way is to use a GBAM as 
eating CAA TEDs are the DHCT 333's public key and the described above with regard to FIG. 20. In such a case, the 
CAA's private key. They therefore need only store one of the GBAM payload 2003 would be the digest for the data being 

three public-private key pairs that represent the CAA. The 5 downloaded and entitlement agent 2005 would encrypt the 
CAA public-private key pair is generated elsewhere. The digest ^ its pr i va te key as well as making a digest using 
private key is encrypted using a pass phrase that is provided pa yload 2003 and a MSK. Another way is to simply send a 
to CAA TED 2405 along with the key pair. CAA TED then m e via the MPEG _ 2 transport stream or using an IP 
decrypts the private key and stores the decrypted private key, k£ , ^ mQUtiDKd an authentication portion as well as the 

but not the pass phrase, in memory 2505. ine encrypted 1Q _ 

private key, but not the oass_phrase,-is-stored-in*encrypted^ ~ rt 7^7~ r j 4 * u * u j i j ^ * *u u 
-5ntiiTiHformStonT419 in DNCS 507 as well. , ° De da ! a ha ' can be d ,°^ oad v , ed usm§ he above 

Authenticating Data for Applications Running on DHCT '^hniques is code to be executed by the general purpose 
333* FIG 23 processor in DHCT 333. The memory used by the processor 

TTic foregoing has disclosed how conditional access sys- includes a P ortion which 15 flash memory. That is, the 
tem 601 uses the conditional access authority, the entitle— ^ in ^ n ^^^ 
„raent_agents,-DHGTSE-627— and-transacti6iriencr>^tion but can be rewritten only as a whole. Such memory is 
device 603 to provide security for its own operations and for typically used to hold downloadable code. FIG. 23 shows a 
the keys and entitlement information required to decrypt an message containing downloadable code. Code message 
instance of a service. Another function of conditional access 2301 has two parts: authentication part 2303 and code part 

system 601 is that of ensuring secure data downloads for 20 2305. Code part 2305 contains encrypted or unencrypted 
applications executing on DHCT 333. There are two paths code, as the situation requires. Authentication part 2303 
by which data may be downloaded: (1) in an MPEG-2 contains at least two items of information: authenticator 
stream via the high bandwidth path running from SEES 619 identifier (AID) 2307 and sealed digest 2309, Authenticator 
via transport network 517 to HFC network 521 to DHCT identifier 2307 is the CAAID or EAID for the conditional 

333, and (2) in IP packets via the lower bandwidth path 25 access authority or entitlement agent that is authenticating 
running from control suite 607 via LAN interconnect device code 2305; scaled digest 2309 is made by hashing code 2305 
617 and QPSK modulator 621 to HFC network 521 and in a one-way hash function to make a digest and then 
DHCT 333. encrypting the digest with the private key of the CAA or EA 

As with the data used in conditional access system 601, that is authenticating the code. SD 2309 is produced in a 

there are two aspects to the problem: security and authen- 30 preferred environment by a transaction encryption device 
tication. Security may be attained by encrypting the data. In 605. 

the case of data delivered by the high bandwidth path, Code message 2301 can be sent either in a MPEG-2 
encryption may be either by DES using an MSK when the transport stream or as an IP packet. Message 2301 may be 
data is intended for all DHCTs 333 having a given entitle- broadcast to any DHCT 333 that has the authenticating CAA 

ment agent or by means of the public key for the DHCT 35 or EA, or it may be sent to a specific DHCT 333. In that case, 
when the data is intended for a specific DHCT 333. In the the packet(s) carrying code message 2301 will include an 
case of data delivered via the lower bandwidth path, the data address for DHCT 333. In the preferred embodiment, the 
is addressed to the IP address of a specific DHCT 333 and address is DHCT 333' s serial number. When code message 
may be encoded with the public key of the DHCT 333. In the 2301 arrives in the DHCT 333 for which it is intended, code 

case of encryption with a MSK, the MSK is provided by 40 executing on the processor performs the one-way hash 
transaction encryption device 603, and, in the case of function on code 2305 and provides the result together with 
encryption with the public key of the DHCT 333, transaction AID 2307 and sealed digest 2309 to DHCTS E 627. 
encryption device 603 can provide the key or do the encryp- DHCTSE 627 uses AID 2307 to locate the public key for the 
tion itself DHCTSE 627 contains the keys needed to do the CAA or EA and then uses the public key to decrypt sealed 

necessary decryption in DHCT 333. 45 digest 2309. Finally, it compares the hash value in decrypted 
The authenticating entities in conditional access system sealed digest 2309 with that provided by the code executing 
601 comprise the conditional access authority and the on the processor, and, if they are equal, DHCTSE 627 
entitlement agents. Authentication of downloaded data is signals that the code has been authenticated, 
done in the same fashion as in EMMs, namely by using a Public Key Hierarchy (FIG. 28) 

one-way hash function to make a digest of the downloaded so The various elements of the system described herein 
data and then encrypting the digest with the private key of collectively implement a public key hierarchy 2801 within 
the authenticating entity to make a sealed digest. In the the network. This is advantageous because such a hierarchy 
preferred embodiment, the sealed digest is made in trans- can be used to establish the "trust chains" that support 
action encryption device 603. When the downloaded data scaleable and spontaneous commercial interaction between 

arrives in DHCT 333, DHCTSE 627 uses the public key of 55 DHCTs 333 and other networks that employ public key- 
the authenticating entity to decrypt the sealed digest and based security, such as the Internet. It can also be used to 
then uses the one-way hash function to again hash the establish trust in user commercial interactions with the 
downloaded data. If the downloaded data is authentic and DBDS 501. 

has not been corrupted in transit, the decrypted sealed digest FIG. 28 shows the hierarchy of public key certification in 

and the result of hashing the data in the one-way hash 60 the DBDS. There are two independent "trust chains" shown, 
function will be equal. It should be noted at this point that On the left hand side is the "DHCT chain", which establishes 
the authentication is done not by the originator of the data, the validity of ihe public keys associated with DHCTs 333 
but rather by a CAA or EA that is known to the digital broad and enables trusted use of digital signatures made by the 
band delivery system. Moreover, because the CAA or EA is DHCT 333. On the right hand side, is the "Operator chain" 

already known to DHCT 333, downloading of authenticated 65 which establishes the validity of public keys associated with 
data to DHCT 333 can occur without intervention of the user the network operators and the subtending EAs within each 
of Dl-ICT 33 system and enables trusted use of signatures of these entities. 
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The DHCT signature 2806 may be used as described operated by different operators in different DBDS instances 

elsewhere herein to authenticate messages sent from the are controlled by an operator CAA that is specific to that 

DHCT 333. However, for recipients to be able to trust such operator and system. Since DHCTs 333 at manufacture time 

DHCT signatures as authentic, they must know with cer- are not configured to be controlled by any operator CAA, but 
tainty that the public key claimed to be associated with 5 instead are controlled by three Root CAAs the public keys 

DHCT 333 is in fact the true key which matches with the of which are placed in the memory of the secure processor 

DHCTs private key. This is accomplished by certifying the during manufacture, they must be reconfigured for control 

DHCT certificate 2806 with the factory programmer certifi- by different operators. This must be done securely. As 

cate authority (FPCA) signature. The FPCA signature can be described elsewhere herein, messages bearing the digital 

trusted^ because re ference c an be_made_to_EP.CA .certificate signatures of-two-of-the-Root-GAAs-can-be-used-to recon~ 

~2805.~The DHCT certificates 2806 and the FPCA signature figure the terminal with respect to the third CAA. The EMM 

as well as the FPCA certificate 2805 are preferably made at generator 2901 is used to produce one of the two messages 

the manufacture time of DHCT 333 in a secure way. Since needed to introduce a new Operator CAA public key in a 

it may be necessary over time to issue new FPCA certificates certified way to the DLICT 333. DHCT public key certifi- 

and use new FPCA signatures, each FPCA certificate is also cates 2902 are input to the EMM generator so that it may 



certified-with-asignature^of-the-DHGT-Root-whieh may have- 15 ~know-for-which~DHCTs — messages are to"be made . The 
its own certificate 2804. Said DHCT root certificate 2804 DHCTs that will be controlled by a specific operator may be 
may either be self -signed or may be certified by another placed in a separate file of the input device or may be 
authority. DHCT root signature is preferably administered in associated with an operator in other ways clear to those 
a highly tamper-resistant device, such as one that meets the skilled in the art. 

requirements of FTPS 140-1 Level 3 certification. 20 Prior to generating introductory EMMs 2903, certified 

In the operator chain, the various EA certificates 2803 are public keys of the various operators served by the EMM 
used to make signatures in the manner described elsewhere Generator 2901 are loaded into the public key memory 2904 
herein. Likewise, the Operator CAA signature using the of the EMM Generator 2901. Thus, when EMM generator 
Operator CAA certificate 2802 is used to certify each EA 2901 reads input of DHCTs needed to be introduced to 
signature as described previously herein. Above the operator 25 Operator A, the EMM generator uses the public key of 
CAA signature, two Root CAA signatures may be used to Operator A read from memory 2904 to produce EMMs 
introduce an operator CAA 2802 to a DHCT 333 in a secure containing the public key of Operator A. Likewise, prior to 
way. In fact, preferably at manufacture time, there are three generating introductory EMMs 2903, the private keys of the 
Root CAA public keys placed into the secure NVM of the Root CAAs must be loaded into tne P rivate kev memorv 
DHCT 333. Then, authentic messages from any two of the 30 2905 of tne EMM generator 2901. Said EMMs are digitally 
Root CAAs may be used to replace the third Root CAA si S Ded b y the EMM Generator 2901 using the private keys 
public key with that of the Operator CAA whose key is of the Root CAAs contained in memory 2 905^ Since private 
certified in Operator CAA certificates 2802. The Root CAA si g nin g kevs are contained in memory 2905 of EMM 
is preferably administered by the manufacturer in a tamper- Generator 2901, the EMM Generator 2901 must be imple- 
resistant device that meets or exceeds the requirements of 35 meDted ™ a fashion that Prevents discovery of the 

FIPS 140-1 Level 3 certification. It is possible, however, values of the Root CAA P rivate ke y s stored m memorv 
through an appropriate sequence of messages, to change all 2905 - EMM Generator 2901 should thus be implemented in 
of the Root CAA public keys to be those of other CAAs that a tamper-resistant device which meets the requirements of 
the manufacturer has no control over. It is thus possible to FIPS 140-1 3 or higher. 

remove the manufacturer from the signature chain. In this 40 Since *™> Root CAA P nvate kevs musl be used t0 
case, the Root CAA can be some other organization se P arate CAA Introductory EMMs 2903, there are prefer- 
approved by one or more operators or it may be administered abl X two EMM Generators 2901 implemented, one each for 
by an operator eacn of lne two Root CAA P rivate kevs> 11 ^ also preferred 

As shown in FIG. 28 and described elsewhere herein, tha ! EMM generators 2901 are operated in separate physical 
each operator may have a plurality of EAs. In a preferred 45 facilities. . . , „ , 

embodiment, there is a different EA and an associated EA ^ e Detailed Description of a Preferred Embodiment set 
certificate 2803 for every operating site of any given opera- forth above « to be regarded as exemplary and not 
tor. This ensures that DHCTs can not be migrated between restrictive, and the breadth of the invention disclosed herein 
operational sites without the knowledge and participation of * t0 be determined from the claims as interpreted with the 
the operator CAA signature 2802. 50 m breadth Permitted by the patent laws. 

The geo-political CA certificate 2807 shown in FIG. 28, Wnat 15 claimed is: c . . 

is not required to operate the normal conditional access and 1- Conditional access apparatus for giving a receiver 

electronic activities of the operator. However, the operator conditional access to an instance of service received in the 
may desire to link its signature chain into a larger chain to receiver > one or more entitlements to access the instance of 
be able to participate or have DHCTs 333 participate in 55 «™« being given by one or more entitlement agents and 
transactions involving entities outside of the operator's the conditional access apparatus comprising: 
DBDS. In this case, the signature chains may be readily entitlement agent establishment apparatus in the receiver 
linked to those of geo-political CA and its signature 2807 by for establishing at least one of the entitlement agents in 

having the public keys of one or all of the DHCT root the conditional access apparatus; 

signature 2804, the Root CAA signature 2808 or operator 60 entitlement specification apparatus in the receiver for 
CAA signatures 2802 certified by the geopolitical CA sig- specifying the one or more entitlements for the at least 

nature. Tnis is accomplished by having a certificate placed one entitlement agent, and wherein the entitlement 

in a database for each of the public keys associated with agent establishment apparatus and the entitlement 

signatures 2804, 2808 and 2802. Said certificate is signed specification apparatus operate in response to further 

with the private key of the geo-political CA 2807. 65 messages received in the receiver; and 

FIG. 29 shows an EMM generator 2901. As described access granting apparatus in the receiver for granting 

elsewhere herein, it is preferred that DHCTs 333 that are access to the instance of service in response to a first 
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message received in the receiver which indicates the 
entitlement agent and the entitlement only if the entitle- 
ment agent establishment apparatus has established the 
entitlement agent, and the entitlement specification 
apparatus has granted the entitlement, and wherein the 5 
entitlement agent establishment apparatus disestab- 
lishes the entitlement agent in response to a given 
message of the further messages. 

2. The conditional access apparatus of claim 1, wherein: 
_th^e ntitlemen t_a_gent establishmenUapparatus-includes a— 1 0 

first key representing a conditional access authority; 
and 

the entitlement agent establishment apparatus employs 
the first key to determine whether the given message is 
authentic and disest ablishes the entitleme nlagenLonly- 
if the given message is authentic. 

3. Conditional access apparatus for giving a receiver 
conditional access to an instance of service received in the 
receiver, one or more entitlements to access the instance of 
service being given by one or more entitlement agents and 
the conditional access apparatus comprising: 

entitlement agent establishment apparatus in the receiver 
for establishing at least one of the entitlement agents in 
the conditional access apparatus; 

entitlement specification apparatus in the receiver for 
specifying the one or more entitlements for the at least 
one entitlement agent, wherein the entitlement agent 
establishment apparatus and the entitlement specifica- 
tion apparatus operate in response to further messages 
received in the receiver; and 

access granting apparatus in the receiver for granting 
access to the instance of service in response to a first 
message received in the receiver which indicates the 
entitlement agent and the entitlement only if the entitle- 
ment agent establishment apparatus has established the 
entitlement agent, and the entitlement specification 
apparatus has granted the entitlement, and wherein the 
entitlement agent establishment apparatus establishes a 
new entitlement agent in response to a given message 
of the further messages. 

4. The conditional access apparatus of claim 3, wherein: 
the entitlement agent establishment apparatus includes a 

first key representing a conditional access authority; 
and 
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the entitlement agent establishment apparatus employs 
the first key to determine whether the given message is 
authentic and establishes the new entitlement agent 
only if the given message is authentic. 

5. Conditional access apparatus for giving a receiver 
conditional access to an instance of service received in the 
receiver, one or more entitlements to access the instance of 
service being given by one or more entitlement agents and 
_the„conditional-access- apparatus comprising: ~ 

entitlement agent establishment apparatus in the receiver 
for establishing at least one of the entitlement agents in 
the conditional access apparatus, wherein the entitle- 
ment agent establishment apparatus includes ot her keys 
representingxonditteal access "authorities; 

entitlement specification apparatus in the receiver for 
specifying the one or more entitlements for the at least 
one entitlement agent, wherein the entitlement agent 
establishment apparatus and the entitlement specifica- 
tion apparatus operate in response to further messages 
received in the receiver; and 

access granting apparatus in the receiver for granting 
access to the instance of service in response to a first 
message received in the receiver which indicates the 
entitlement agent and the entitlement only if the entitle- 
ment agent establishment apparatus has established the 
entitlement agent, and the entitlement specification 
apparatus has granted the entitlement, and wherein the 
entitlement agent establishment apparatus changes a 
first key in response to at least first and second message 
of the further messages, the entitlement agent estab- 
lishment apparatus using the other keys to determine 
whether the at least first and second messages are 
authentic and changing the other keys only when the at 
least first and second messages are authentic. 

6, The conditional access apparatus of claim 5, wherein 
the entitlement agent establishment apparatus both estab- 
lishes and disestablishes the conditional access authorities in 
accordance with use of the other keys and authentication of 
the at least first and second messages. 
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It is certified that error appears in the above- identified patent and that said Letters Patent is 
hereby corrected as shown below: 



Column 7. 

Line 29, delete "(DFICT)" and insert therefore -- (DHCT) -- 



Column9: 

Line 34, delete "DHFT" and insert therefore DHCT 
Column 10, 

Line 56, delete "tooether" and insert therefore together - 
Column 1 K 

Line 35, delete "DLICT" and insert therefore -- DHCT - 
Column 12, 

Line 7, delete "(3)" and insert therefore (2) - 
Column 15, 

Line 27, delete "DflCT" and insert therefore DHCT ~- 
Column 17. 

Line 55, delete "617" and insert therefore -- 627 - 
Column 2 1 , 

Line 32, delete "Memoryfiled" and insert therefore -- Memory, filed 
Column 25, 

Line 22, delete "FAD" and insert therefore EAD 

Line 62, delete "333The" and insert therefore -- 333. The - 

Column 34. 

Line 12, delete "canceled" and insert therefore - canceled - 
Column 35, 

Line 19, delete "clement" and insert therefore - element - 
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